The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000 to repair. 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an imminent cyber-threat, including Amazon, Costco, Kroger and Walmart. The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation. The bug fixes rate at least 10 out the scale of the vulnerability scale.
Source: https://threatpost.com/whats-cost-fixing-application-vulnerability-051209/72689/