INTRODUCING the report

NopSec presents top findings from our third annual survey of IT Security and Risk practitioners. The goal of the survey is to provide a snapshot of the current state of vulnerability risk management (VRM) and challenges that impact the remediation process within organizations. The report presents current findings of how information security (infosec) teams measure vulnerability management success, the perceived level of understanding among senior leadership when it comes to cybersecurity programs, and finally, priorities for improving VRM in the coming year.


Nearly one-third of respondents do not have metrics in place to measure the success of their vulnerability risk management programs.
Critical Web App vulnerabilities take the longest to remediate at an average rate of 30-60 days.
Integration with incident response system is one of the top priorities for vulnerabilities risk management programs in 2018.