2017 breaks record for new vulnerabilities
More than 20,000 new vulnerabilities were cataloged in 2017, according to breach analysis specialist Risk Based Security.
The figures from the company's own VulnDB eclipsed the total covered by MITRE's Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900.
The vulnerabilities published by VulnDB in 2017 that are not found in CVE/NVD affect products that are widely used in organizations of all sizes.
"Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year," says Brian Martin, VP of vulnerability intelligence for Risk Based Security. "While some argue that the CVE/NVD solution is 'good enough', that simply isn't the case. Just look at the number of web and computer hacking data breaches reported on a regular basis. In addition to a false sense of security, the 'good enough' mindset often leads some to believe that the important vulnerabilities are covered, and that isn't the case either."
Web-related issues account for over half of all vulnerabilities disclosed last year, 31.5 percent had public exploits, and 24.1 percent had no solution at the time of the report. The VulnDB QuickView report also reveals that while relationships between researchers and vendors can at times appear strained, they are continuing to attempt to work together. The share of vulnerabilities disclosed in a coordinated fashion with vendors was relatively consistent at 44.8 percent, compared to 45.6 percent in 2016.
"Organizations that track and triage vulnerability patching saw no relief in 2017, as it was yet another record-breaking year for vulnerability disclosures," Martin adds. "The increasingly difficult task of protecting digital assets has never been so critical to businesses as we continue to see a rise in compromised organizations and data breaches. If your vulnerability intelligence solution didn’t offer information on the more than 20,000 vulnerabilities disclosed in 2017, your organization is at an increased risk."
You can get a full copy of the 2017 Vulnerability QuickView report from the Risk Based Security website.