Most of 30,000 websites had at least one serious vulnerability for 150 or more days last year. Retail sites ranked second in the number of vulnerabilities, with 55 percent of the websites having one vulnerability every single day of the year. Compliance-driven companies took longer to fix vulnerabilities — 158 days compared to 115 days for risk-driven firms. Companies that have a process for putting vulnerability results into bug tracking systems have, on average, 45 percent fewer vulnerabilities and increase their remediation rates by 13 points.”]