Ugh. According to an analysis by WhiteHat security, half of all healthcare and retails sites are vulnerable at any given time throughout the year. Between keeping track of security issues and actually fixing them, the websites surveyed are behind the eight ball half of the time.
According to the report, the average number of vulnerabilities per site is quite low -- ranging from 2 in the public administration sector to 11 in transportation and warehousing. Yet it all adds up to very long windows of exposure (the number of days an application has one or more serious vulnerabilities open).
According to the report, 55 percent of retail/trade sites, 50 percent of healthcare/social assistance sites, and 35 percent of finance/insurance sites were always vulnerable (vulnerable every day of the year). Education was the best performing on window of exposure -- 27 percent always vulnerable, 40 percent rarely (30 days per year or less).Darkreading