We begin by taking a high level view of the vulnerability landscape over the past year, from anonymized data gathered from the edgescan vulnerability management SaaS. This data-set provides a snapshot of vulnerabilities in thousands of servers and web applications across the globe.
From this data, we provide our opinion and insight on why we think some of the trends are present and that traditional static approaches to dynamic problems, is producing diminishing results. We ask, what is the ultimate goal, application security or risk? Protecting applications or protecting businesses and data? We note the trend towards a continual approach to application security and see the benefits of ‘pushing left’.