PCI Hosting Information & Guide

The guide to PCI Compliance and PCI Web Hosting

Survey Shows Vulnerabilities Decreasing

A recent survey shows that vulnerabilities may be on a downward trend when it comes to PCI compliance services. The recently released WhiteHat Website Security Statistics Report has been conducted every year since 2006 to present statistics on existing website vulnerabilities, including those from custom Web applications. Is PCI compliant web hosting having a major impact on how merchants protect themselves from potential data breaches?

Looking at Numbers

The overall trend toward addressing vulnerabilities is encouraging. The remediation rate for all surveyed sites was 61 percent in 2012, which is almost double the 35 percent rate from the 2007 survey.

The top vulnerability for 2012 was cross-site scripting, affecting 43 percent of surveyed sites, followed by content spoofing, impacting 13 percent of sites, and information leakage, which affected 11 percent of respondents. Although half of all the scripting vulnerabilities were resolved, the average length of time taken to provide a resolution was 227 days.

Although initial response time may be slow, the sites that did experience breaches were more likely to have fewer vulnerabilities in the future (51 percent fewer, in fact) and to resolve those vulnerabilities 18 percent faster. Their remediation rates were four percent higher than average as well.

On average, the surveyed websites contained 56 vulnerabilities last year alone, which may seem like a high number until you compare it with the 230 vulnerabilities per year that were reported in 2010.

At least one serious vulnerability was found in 86 percent of all websites; vulnerabilities are defined as serious if they could allow an attacker to compromise sensitive data or user accounts, or if they violate any of the PCI DSS compliance requirements.

These trends show businesses moving forward in a positive direction, although they still have a long way to go.