87% of Firms Run Software With Exploitable Vulnerabilities, Datadog Report Reveals
Event summary
- 87% of organizations have at least one known exploitable vulnerability in deployed services.
- 42% of services rely on libraries that are no longer actively maintained.
- 50% of organizations adopt new library versions within 24 hours of release, increasing risk.
- Only 4% of organizations pin all public GitHub Actions to a specific version using commit hashes.
- Median software dependency is now 278 days out of date, up 63 days from last year.
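To make the GitHub Actions pinning figure concrete, the sketch below audits a workflow file for `uses:` references that are not pinned to a full 40-character commit hash. It is an added example, not code from the Datadog report; the sample workflow, the `example-org` action names and the hash value are constructed, and a line-based regex scan is assumed instead of a full YAML parser.

```python
import re

# A "uses:" key at step or job level, optionally quoted, with any trailing comment ignored.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: example-org/deploy-action@main
      - uses: ./.github/actions/lint
      - name: short sha
        uses: example-org/scan-action@0123456
"""

def classify(ref):
    """Return 'local', 'docker', 'pinned' or 'mutable' for one uses: value."""
    if ref.startswith("./"):
        return "local"      # lives in the same repository, versioned with it
    if ref.startswith("docker://"):
        return "docker"     # image digest pinning is a separate check
    _, sep, version = ref.partition("@")
    if sep and FULL_SHA_RE.match(version):
        return "pinned"
    return "mutable"        # tag, branch, abbreviated hash or no ref at all

def audit(workflow_text):
    """List (line number, reference, classification) for every uses: line."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings

def fully_pinned(workflow_text):
    """True only if no third-party reference can move after review."""
    return all(kind != "mutable" for _, _, kind in audit(workflow_text))

if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {kind:8} {ref}")
```

Tags, branches and abbreviated hashes are all reported as mutable because the publisher can repoint them; only a full commit hash fixes the code that runs.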
The big picture
Datadog's report highlights a growing tension in software development: as automation and third-party components accelerate delivery, security practices struggle to keep up. The shift toward DevSecOps is critical as organizations grapple with both aging software and the risks of rapid adoption of unvetted updates. This trend underscores the need for better visibility and prioritization in security workflows to mitigate accumulated risk.
What we're watching
- Security Prioritization: How AI-assisted workflows will help teams focus on the most critical vulnerabilities amid rising alert volumes.
- Supply Chain Risk: Whether organizations can balance speed and security in software development as third-party dependencies grow.
- Software Aging: The pace at which outdated software dependencies will accumulate vulnerabilities if not addressed.
