Threats to web, mobile and API-based applications are growing rapidly, and the average time to remediate them is not improving, with critical vulnerabilities remaining open for an average of 202 days, according to NTT Application Security.

NTT Application Security has released its latest AppSec Stats Flash report, which examines the current state of application security and the broader threat landscape. It reveals that the utility sector is the most affected, with 66 percent of applications in that sector having at least one serious exploitable vulnerability throughout the year.

Looking at the "window of exposure," or the length of time an application has a serious vulnerability that can be exploited for data breaches, applications in the education, manufacturing, retail and wholesale sectors all saw an increase in the window of exposure this month. The wholesale sector saw a 7 percent increase, while education, retail and manufacturing increased by 4 percent and healthcare by 2 percent. Year-to-date, wholesale trade has seen a 15 percent increase in the exposure window, while utilities has seen an 11 percent increase.

On a more positive note, the finance and insurance sectors improved from last month, recording a 2 percent decrease in their exposure window. The manufacturing, government, and healthcare sectors also saw a decrease in their exposure levels during the first six months of the year, likely due to an increased focus on security as a result of targeted breaches and/or new regulations.

The average time to fix critical vulnerabilities has increased from 197 days at the beginning of the year to 202 days at the end of June. For high vulnerabilities, it increased from 194 days to 246 days at the end of June.

Source: NTT Application Security