The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for automatically determining an importance of vulnerabilities identified in an application.
An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the security of the application. Many organizations use applications to run critical business processes, conduct transactions with suppliers and deliver sophisticated services to customers. Interestingly, while organizations depend on such applications to run their businesses, many invest little to no effort ensuring that the applications are adequately secure. While these organizations understand established security technologies for routine tasks such as networking and operations, and for managing security procedures such as access control and authentication, many struggle with implementing, managing, and maintaining effective application security programs. Since applications can compromise overall security across the entire organization, securing the applications needs to become a top priority.
The ramifications of under-secured applications may be dire. Vulnerabilities inadvertently introduced during development may give hackers the ability to destabilize applications and obtain unfettered access to confidential company information or private customer data. This type of data loss may lead to a damaged brand reputation, loss of consumer confidence, disruption of business operations, interruption of the supply chain, threat of legal action, and/or regulatory censure—all consequences that can ultimately impact profitability.