[BreachExchange] New Research: 2020 Vulnerabilities on Target to Match or Exceed Last Year

Destry Winant destry at riskbasedsecurity.com
Wed Dec 9 10:51:17 EST 2020


https://www.riskbasedsecurity.com/2020/12/09/new-research-2020-vulnerabilities-on-target-to-match-or-exceed-last-year/

Today, we released our new 2020 Q3 Vulnerability QuickView Report,
revealing that the number of vulnerability disclosures is back on
track to reach or surpass 2019 as we head into 2021.

Our VulnDB team aggregated 17,129 vulnerabilities disclosed during the
first three quarters of 2020, marking a 4.6% gap when compared to last
year. However, earlier in 2020 that gap was instead a sharp decline of
19.2%.

“At the end of Q1 this year, we saw what appeared to be a sharp
decline in vulnerability disclosures as compared to 2019, dropping by
19.2%. Statistically that is huge. However, as 2020 continues, we are
starting to see just how large an impact the pandemic has had on
vulnerability disclosures.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

The report goes into further detail on what the impact is and how the
gap in vulnerability reporting has been rapidly closing. Several
factors include researchers and organizations returning to their old
routines, as well as the Vulnerability Fujiwhara observed earlier this
year. However, the main contributor to the closing gap is “regular”
Patch Tuesday events.

“Patch Tuesdays have grown to be serious undertakings and may
represent an incredible burden on IT teams that can last weeks during
remediation efforts. It goes without saying that as Patch Tuesday
workloads increase, the time needed for remediation will follow suit.

Even though the Fujiwhara storms have settled, we are starting to see
that “regular” Patch Tuesdays are consistently reaching volumes
comparable to January’s event. For organizations who are still relying
solely on CVE / NVD, they may find that their timeline may be further
extended as the number of vulnerabilities “missed” by MITRE remains
consistent.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

The 2020 Q3 Vulnerability QuickView Report covers vulnerabilities
disclosed between January 1, 2020 and September 30, 2020.

About the QuickView Report and VulnDB

The quarterly Vulnerability QuickView report is a service of VulnDB,
which is the world’s most comprehensive, detailed and timely source of
vulnerability intelligence and third-party library monitoring.

It provides actionable intelligence about the latest in security
vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and
e-mail alerting. Leveraging VulnDB is simpler than ever with our
connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity,
Brinqa, Device42, Recorded Future, and more.

