Large companies find an average of 779,935 individual security bugs when running routine vulnerability scans. Over the course of six months, 28 percent of those vulnerabilities will remain unmitigated. A full 57 percent of respondents said their organizations don t know which vulnerabilities pose the highest risk to their businesses. Only a quarter said they re able to prioritize patching based on which assets are the most important to the business. And only 21 percent of organizations are highly effective in patching vulnerabilities in a timely manner.
Source: https://threatpost.com/large-orgs-plagued-bugs-patch-backlogs/158433/