A recent study by WhiteHat Security examined over 3,000 websites administered by 400 different organizations and found that the surveyed sites were vulnerable to attack more often than not.
The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average.
Education sector websites led the pack, with nearly eighty percent remaining vulnerable at least nine months of the year, followed by retail and social networking sites.
Websites in sectors subject to more regulation, such as finance and healthcare, showed the lowest rates, with about fifteen percent vulnerable over the same period.
"It's inevitable that websites will contain some faulty code -- especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and the percentage of them that are remediated. Specifically for CIOs and security professionals, measuring window of exposure offers a look at the duration of risk their business and user data is exposed to by not having sufficient remediation processes in place," Jeremiah Grossman, founder and CTO of WhiteHat Security, told DarkReading.
The leading vulnerability was "Information Leakage", which describes inadvertently revealing sensitive technical information about the site environment, applications or users.