It takes over a month for the average organization to patch its most critical vulnerabilities, according to a new report detecting trends in Web application attacks.

The data comes from tCell, which today released its Q2 2018 “Security Report for In-Production Web Applications.” Researchers analyzed more than 316 million security incidents across its customer base and published key findings on the most common types of real-world attacks taking place within in-production Web apps in the Amazon Web Services and Microsoft Azure cloud ecosystems.