Identification of web application vulnerabilities is only half the battle with remediation efforts as the other. In an ideal world, application defects could be quickly fixed within the application's code and pushed out into production rapidly. Let¹s face the facts, there are many real world business scenarios where it is not possible to update web application code in either a timely manner or at all. This is where the tactical use-case of implementing virtual patches to reduce attack surface plays a critical role. In an effort to obtain valid data on virtual patching processes and challenges, OWASP has created a community survey. If your organization leverages virtual patching as a part of your remediation strategy, please fill out the survey http://blog.spiderlabs.com/2012/02/call-for-assistance-owasp-virtual-patchin g-survey.html. It is only 10 questions and by taking the survey, you could also win a free spot in the upcoming OWASP AppSecDC Virtual Patching Workshop <https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Training/Virtual_Patch ing_Workshop> . We are also planning a future blog post with results from the survey. Thanks for your help. -- Ryan Barnett Trustwave SpiderLabs ModSecurity Project Leader OWASP ModSecurity CRS Project Leader