The report found that ninety-seven percent of security vulnerabilities labeled as “critical” could actually be deprioritized

Datadog, Inc., the monitoring and security platform for cloud applications, released its 2023 State of Application Security Report. To better understand the current vulnerabilities and threats targeting DevOps organizations, researchers evaluated real-world data from thousands of Datadog customers. According to the report, only three percent of critical vulnerabilities are truly high risk and worth prioritizing.

The emergence of widespread vulnerabilities and the importance of rapidly discovering vulnerable applications means the onus is on DevOps teams to stay ahead of threats while maintaining release velocity and ensuring efficient use of security budgets. All vulnerabilities rated critical by the Common Vulnerability Scoring System (CVSS) get prioritized for fixes by application and security teams. However, according to Datadog’s 2023 State of Application Security Report, only three percent of vulnerabilities rated as critical by the CVSS are actually worth prioritizing.

Marketing Technology News: MarTech Interview with Baba Diallo, Director of Creator Relations at Calaxy

The research report compared the standard CVSS severity score with a modified severity score that accounts for runtime context. This approach considers evidence of suspicious traffic, as well as internet-exposed or sensitive environments. As a result, ninety seven percent of vulnerabilities labeled as critical by CVSS could be downgraded and assigned a lower severity score.

“In today’s macroeconomic environment, it is more important than ever to optimize costs wherever possible. For security teams, that means there is increased pressure to find and fix the vulnerabilities that will most impact the business,” said Emilio Escobar, Chief Information Security Officer at Datadog. “The findings in the State of Application Security Report show that there is a clear path to maximizing the efficiency of security budgets this year by prioritizing the three percent of vulnerabilities that are actually critical and will have the greatest impact on the organization’s security posture.”

Other findings from the report include:

• One out of every ten attacks targeted non-production environments.
• Seven out of ten attacks failed to succeed because they targeted the wrong programming language, operating systems or vulnerabilities.
• Java services have the most critical vulnerabilities while Python services have the fewest.

Marketing Technology News: PowerDMARC Email Authentication Platform Announces Integration with Gradient MSP