Vulnerability backlogs of more than 100,000 flaws have been reported by 66% of security leaders, while 54% of respondents noted patching fewer than half of the bugs in the backlog, according to VentureBeat.
Moreover, 78% said that it takes more than three weeks to remediate high-risk vulnerabilities, with the prolonged timeline for addressing flaws attributed to inadequate tools, staffing, and vulnerability management awareness, a study from Rezilion and Ponemon Institute revealed.
"Some of the factors they mentioned include an inability to prioritize what needs to be fixed, and a lack of effective tools and a lack of resources. The lack of resources is not surprising as the talent crunch in security is well documented," said Rezilion co-founder and CEO Liran Tancman.
Insufficient vulnerability visibility among organizations has also been hampering remediation efforts, Tancman added. However, automation may help not only to shorten remediation times but also to bolster security team productivity, the report showed.
Legislation seeking to address open source software risks in government has been introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, according to The Record, a news site by cybersecurity firm Recorded Future.