Application security SaaS company Indusface has released AcuRisQ on Indusface WAS, its dynamic application security testing platform. AcuRisQ is aimed at helping enterprise security leaders prioritise critical vulnerabilities to fix based on automatically derived factors such as business criticality, discoverability and east-west dependence.

With AcuRisQ, Indusface WAS users will be able to perform vulnerability analysis and get a prioritised list of vulnerabilities to patch first, the company said.

A critical vulnerability in a QA environment, for example, need not be patched with the same urgency as the same vulnerability in a customer-facing app. There are many such scenarios where CVSS scores devoid of business context can lead to vulnerability fatigue. This is reflected in a study by Help Net Security, which shows that 85% of CISOs acknowledge that their teams suffer from alert fatigue.

“Alert fatigue is not only putting large enterprises at risk but also putting CISOs at the risk of losing credibility. Especially when they directly send VAPT reports with hundreds of open vulnerabilities across tens of applications. With AcuRisQ, they can reduce this number by up to 80% and help application teams find and patch the vulnerabilities that cause the biggest business risk,” said Ashish Tandon, founder and CEO, Indusface.

According to the State of Application Security Report 2023 by Indusface, an average enterprise sees hundreds of critical and high-level vulnerabilities throughout the year, with one-third of them open for more than six months. Understanding the vulnerabilities that pose the highest business risk and fixing those as a priority is therefore important.

According to Indusface, AcuRisQ offers features such as zero false positives on reported vulnerabilities and a risk score for open vulnerabilities based on various parameters, including the criticality of the application and the severity and discoverability of the vulnerability, along with detailed remediation guidelines.