NTT Application Security Details Window of Exposure Vulnerability Risks

NTT Application Security has published Volume 8 of its monthly AppSec Stats Flash report, which examines application security and the broader industry. The new report notes that the average “time to fix” for high-severity vulnerabilities increased by 10 days, to 256 days, over the past month.

Among NTT’s findings are:

  • Noticeable increase in “window of exposure” for utilities, retail and other “high-profile” sectors, allowing for potential increases in supply chain and ransomware risk. This metric, in particular, indicates a “serious vulnerability that can be exploited to data breaches.”
  • Consistent Top 5 vulnerability classes by prevalence.
  • A7 – XSS (cross-site scripting) remaining the fourth most prevalent class, with a “combinatorial” approach regarded as the best method for eliminating the vulnerability, one that integrates mitigation/remediation, template engine use and contextual output encoding.

NTT also noted a three percent increase in basis points in Window of Exposure (WoE), to 61 percent, for retail this month. Applications in the utility space also continue to suffer from high WoE; 67 percent of applications had “at least one” serious exploitable vulnerability this year.

NTT Application Security is an independent, wholly owned subsidiary of NTT, and is part of NTT’s security services portfolio.