Number of 2020 vulnerabilities set to overtake last year
The latest report from Risk Based Security reveals that the number of vulnerability disclosures this year is back on track to reach or surpass 2019 after a decline in the first quarter.
Earlier in the year there had been a sharp decline of 19.2 percent in the number of vulnerabilities disclosed. But according to the latest figures, Risk Based Security's VulnDB team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a mere 4.6 percent gap when compared to last year.
"At the end of Q1 this year, we saw what appeared to be a sharp decline in vulnerability disclosures as compared to 2019, dropping by 19.2 percent. Statistically that is huge," says Brian Martin, vice president of vulnerability intelligence at Risk Based Security. "However, as 2020 continues, we are starting to see just how large an impact the pandemic has had on vulnerability disclosures."
The report also notes that 600 vulnerabilities are still in CVE reserved status, meaning that organizations and security products that rely on the CVE database won't find details of them. Microsoft has seen a 39 percent increase in vulnerabilities in Q3, leapfrogging other vendors to rise from ninth to first in the top ten list. The volume of Patch Tuesday fixes has increased too.
"Patch Tuesdays have grown to be serious undertakings and may represent an incredible burden on IT teams that can last weeks during remediation efforts," Martin concludes. "It goes without saying that as Patch Tuesday workloads increase, the time needed for remediation will follow suit. Even though the Fujiwhara storms have settled, we are starting to see that 'regular' Patch Tuesdays are consistently reaching volumes comparable to January's event. For organizations who are still relying solely on CVE/NVD, they may find that their timeline may be further extended as the number of vulnerabilities 'missed' by MITRE remains consistent."
The 2020 Q3 Vulnerability QuickView Report is available from the Risk Based Security site.