Offensive Security Vision Report 2023
Consider this your inside guide to today’s vulnerability management landscape. For this report, we analyzed over 300,000 anonymized findings from thousands of pentest engagements. Why? We think it’s important to share actionable, data-driven insights to help security leaders discover, prioritize, and effectively remediate attack surface exposures.
Dive into the Data
The 2023 Offensive Security Vision Report gives security and business leaders the insights needed to help combat rising challenges around managing vulnerabilities. With a steady increase in vulnerabilities over the past five years, prioritization has become essential.
With staffing shortages, economic pressures, and burnout, fixing every single vulnerability discovered is, simply put, not a reality. We must get more focused and intentional with remediation, and we hope this report is a great starting point for security teams.
In this report, you’ll learn:
- Today’s requirements for remediation SLAs
- The top vulnerabilities by attack surface
- Industries with the largest/smallest volume of high-severity vulnerabilities
You’ll also get answers to questions such as:
- What are the greatest barriers to timely and effective remediation?
- Which impactful vulnerabilities are most pervasive across core application, cloud, and network attack surfaces?
- Which attack surface presents the least and most risk?
Lean on our research to guide your vulnerability prioritization and get proactive with your offensive security program.
3 Trends and Observations on the Current State of Remediation
1. Lack of Resources and Prioritization Plague Security Teams
Lack of resources and prioritization are the two greatest barriers to timely and effective remediation today, according to a survey of security leaders.
2. Web Apps Have a Higher Number of Vulnerabilities
Of the applications tested, web applications have the highest prevalence of high and critical vulnerabilities, ahead of mobile and thick applications.
3. The Insurance Industry Has the Lowest Volume of High-Severity Vulnerabilities
On average, the highest volume of critical and high-severity vulnerabilities was discovered within the government and nonprofit industry. In contrast, insurance had the lowest volume of critical and high-severity vulnerabilities.