tCell released its Q2 2018 “Security Report for In-Production Web Applications” Researchers analyzed more than 316 million security incidents across its customer base. XSS attacks aimed at application users were the most common type of incident detected. 90% of active applications had a known CVE, tCell says, while 30% had a critical CVE during the second quarter. It took an average of 38 days for an organization to patch a vulnerability, regardless of its severity level, according to tCell’s report.”]
Source: https://www.darkreading.com/cloud/it-takes-an-average-38-days-to-patch-a-vulnerability