The average website is vulnerable more than 270 days a year

THE AVERAGE WEBSITE is vulnerable most days of the year, according to a report.

Insecurity firm Whitehat examined more than 3,000 websites across 400 organisations during 2010. It looked at each website's window of exposure, combining research about vulnerability prevalence, time to took to fix problems, and the percentage that were cleaned up.

It found that the average website fell into the category of "always" or "frequently" vulnerable, exposed more than 270 days of the year.

"It's inevitable that websites will contain some faulty code - especially in sites that are continually updated," said Whitehat Security founder Jeremiah Grossman.

The research also found that 64 per cent of websites had at least one information leakage flaw, overtaking cross-site scripting as the top bugbear from the year before. This is a vulnerability where a website will reveal sensitive information, like user or technical data for example.

As might be expected, healthcare and banking websites are the safest, even though they are exposed 14 and 16 per cent of the year respectively. Social networking and retail websites are much more vulnerable, due to the fact that they often introduce new code and are frequently updated.

Surprisingly and potentially alarming is the fact that education organisations are most in danger, with 78 per cent of their websites found to be vulnerable at least nine months of the year. µ