IPA Revises Website Vulnerability Guide for the First Time in 8 Years

On March 30, the Information-technology Promotion Agency (IPA) revised and released the “Vulnerability Response Guide for Corporate Websites” for small website operators for the first time in eight years. At the time of revision, IPA conducted a questionnaire on the current status of vulnerability countermeasures to 301 companies that operate small-scale sites in December 2020, and extracted issues by comparing with the results of the survey conducted in FY2012. According to the results of the questionnaire, 46.2% answered “no change” and 42.5% answered “significantly increased” or “increased” regarding the importance of the website and the degree of impact of the business. In addition, 63.8% said that the cost of security measures for websites was “unchanged”, and in terms of issues, “it is difficult to acquire technology related to vulnerabilities and security” (about 70%) and “where is information on vulnerabilities and security?” “I don’t know” (about 60%) and “There is too much information about vulnerabilities and security and it is difficult to sort out” (about 60%). In the revised guide based on these results, we updated the actual damage cases and added points to consider when using cloud services or requesting outsourcers. It is said that it has responded to the issues faced by small website operators, such as including a checklist on the necessity of countermeasures.