Analysis of over 500K vulnerability reports over six years indicates enterprises can save 9,760 hours and $488,000 annually
Invicti Security, a global innovator in application security, today announced the results of an extensive analysis of six years’ worth of real-world vulnerability data processed by the Invicti Enterprise solution.
Your Information will be kept private.
Stay up to date on web security trends
Your Information will be kept private.
New Invicti research reveals Proof-Based Scanning automatically confirms 94% of direct-impact vulnerabilities with 99.98% accuracy
Austin, TX, September 28, 2021 – Invicti Security™, a global innovator in application security, today announced the results of an extensive analysis of six years’ worth of real-world vulnerability data processed by the Invicti Enterprise solution. The research found that Invicti’s Proof-Based Scanning technology automatically confirmed 94% of direct-impact vulnerabilities with a confirmation accuracy of 99.98%. In other words, only 0.02% were later found to be false positives. The analysis of anonymized customer data suggests the following trends:- Security teams suffer from alert overload: The average security team manages more than 500 websites and applications, each of which annually generates an average of 20 vulnerabilities. This means security teams are responsible for validating a staggering 10,000 vulnerabilities per year.
- False positives in scan results cost time (and money): With the average time to manually investigate a vulnerability estimated at one hour, enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports. Invicti found that this lost time could cost enterprises as much as half a million dollars annually.
- Manual vulnerability verification delays remediation and detracts from valuable security work: Deploying accurate automated vulnerability confirmation enables issues to be remediated quickly and frees security professionals’ time so it can be spent on high-value security and development projects.