New WhiteHat Security data shows vulnerability-free Websites start with half as many, but similar, bugs as sites riddled with them
WhiteHat Security's new Website security statistics released today came with a mostly unchanged list of the top 10 vulnerabilities -- cross-site scripting (XSS) is still king -- but also a peek at some characteristics of Websites that are free of vulnerabilities.
Among the 1,364 Websites scanned by WhiteHat and included in the report, 36 percent had no vulnerabilities at all, and 17 percent had never had a serious one. WhiteHat counted 1,800 vulnerabilities. But Jeremiah Grossman, founder and CTO of WhiteHat, says the real tidbit here is what types of bugs the clean sites had eradicated.
"What was striking was not the volume of zero-vulnerability Websites, but that this shows that those that have had vulns [in the past] were characteristically identical to those Websites that do have vulns today," Grossman says. The vulnerability-free sites had experienced the same issues as the bug-ridden ones, he says, demonstrating it is possible to sweep a site clean of vulnerabilities.
More info: http://www.darkreading.com