There is a major divide between IT and security professionals regarding the criticality and frequency of application updates, the amount of time required for tuning existing application security solutions, and the number of backlogged vulnerabilities.
That’s according to Prevoty, which has released a report titled “The Real Root Cause of Breaches - Security and IT Pros at Odds Over AppSec.” It found that half of IT professionals update applications only once every one to six months, while 52% of security professionals update applications at least once a day, if not multiple times a day.
Both IT and security professionals spend significant amounts of time tuning existing application security solutions, the survey revealed. In fact, that’s where security professionals spend over 80% of their time, and IT professionals almost 40% of their time, leaving both groups with little time for other duties.
Perhaps the starkest difference between the two groups has to do with patching. Security professionals report having up to 5,000 vulnerabilities currently backlogged, while IT professionals state they have no vulnerability backlog.
“Attacks against web applications are rising dramatically, and protecting these applications continues to be a struggle,” said Prevoty CEO and co-founder Julien Bellanger. “It’s surprising to discover that so many IT professionals are uninformed about, or under-prioritizing, this phenomenon. Bridging the gap between security and IT professionals is critical to take application security to the next level.”