Attackers exploit new application vulnerabilities in just 5 days.

The average application is exposed to 81 confirmed, viable attacks each month that evade other defences

On average, applications contain 30 serious vulnerabilities.

Applications face an average of 17 new application vulnerabilities per month.

Developer teams remediate, on average, 6 application vulnerabilities per month.

It takes an average of 84 days to patch even the most critical flaws in applications.

The average application is targeted by attackers once every 3 minutes.

GPT4 can write exploits for 87% of known vulnerabilities.

95% of software weaknesses are directly attributable to open-source code.

26% of security professionals said AI code generation and vibe coding risks were the most pressing or high-stakes issue AI creates for organizations today.

Nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities.

35% of security professionals said data security and privacy risks was the most pressing or high-stakes issue AI creates for organizations today.

Over 90% of modern codebases are built upon open-source dependencies.

Almost all (88%) of respondents reported that AI has the potential to critically or significantly enhance software supply chain security visibility.

70% of respondents admitted that when a fix is not available for a vulnerability, they either don’t have or are not sure if they have a remediation plan in place

32% of security professionals think they can deliver zero-vulnerability software.

47% of security professionals have not started SBOM integration or are presently evaluating tools and practices.

A substantial 34% of security professionals reported difficulty in accurately identifying and tracking open-source components.

68% of security professionals feel uncertain about achieving the near-impossible outcome of zero-vulnerability software.

Almost half (48%) of security professionals are falling behind global SBOM compliance regulations.