Talking about application security issues, this is a worrysome statistics from the HP cyber risk report. 86% of all web apps have serious security issues. Not because the developers would have made them intentionally, but because most don’t know how to build secure applications. Clearly much room for improvement there.
And bear in mind that it’s not enough to patch just the OS level, using the tools provided by the OS. The biggest part of vulnerabilities are found in additional, 3rd party software that has been installed in users’ computers. So things like Flash, PDF, Java, browsers, ... So you have to think about a patch management solution that covers your total application space.
Obviously, the hardining part is not only about vulnerability and patch management, but also about topics such as wrong configurations and other application security weaknesses.