Five vendors account for nearly a quarter of all vulnerabilities

4 Comments

World map with code

Just five major vendors account for 24.1 percent of disclosed vulnerabilities in 2019 so far, according to a new report from Risk Based Security.

The report also reveals that 54 percent of 2019 vulnerabilities are web-related, 34 percent have public exploits, 53 percent can be exploited remotely and that 34 percent of 2019 vulnerabilities don't yet have a documented solution.

"34 percent of vulnerabilities do not have a solution, which may be because vendors are not patching. This can occur when the researcher has not informed the vendor, so they don't know about the vulnerability," says Brian Martin, vice president of vulnerability intelligence at Risk Based Security. "Additionally, if an organization is using vulnerability scanning, they may simply not know about all of their assets. For example, if they are not scanning their entire IP space, or are using a scanner that is unable to identify 100 percent of their assets, then devices and servers may go unpatched."

Of the vulnerabilities not published by CVE/NVD, 28.2 percent have a CVSSv2 score of between 7.0 and 10. Meanwhile, 8.6 percent of vulnerabilities that do have a CVE ID are in RESERVED status despite having a public disclosure.

"An ongoing theme in VulnDB reports is that CVE/NVD continues to fall short in vulnerability coverage," adds Martin. "Many organizations, scanning companies, risk platforms, and security service providers insist that vulnerability intelligence from CVE/NVD is 'good enough'. However, our mindset and approach to vulnerability aggregation is completely different. There are cases where an ID has been assigned to an issue that was published, but MITRE isn't aware. There are thousands of vulnerabilities that we cover with complete details that MITRE still does not. Worse yet, some RESERVED vulnerabilities have been in that state for up to a decade, despite being public for just as long."

The full report is available to download from the Risk Based Security site.

Image credit: zothen/depositphotos.com

4 Comments

4 Responses to Five vendors account for nearly a quarter of all vulnerabilities

Got News? Contact Us

Recent Headlines

The psychological impact of phishing attacks on your employees

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Younger women are going into cybersecurity but more needs to be done

Politically motivated DDoS attacks on the rise

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.