WhiteHat Security analyzed data from application security tests performed at customer locations last year. US organizations tested 20% more applications last year for security issues than they did in 2017. Yet they remediated barely half (50.7%) of all critical vulnerabilities discovered in their application software. The average time to fix critical vulnerabilities was 22 days in organizations that had implemented DevSecOps, comparedwith 149 days in other organizations. The biggest risk to organizations was from using unpatched third-party libraries, which increased 50% in number in the past year.”]