[BreachExchange] 37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept

Destry Winant destry at riskbasedsecurity.com
Wed Feb 19 10:21:10 EST 2020


https://www.riskbasedsecurity.com/2020/02/18/37-3-of-vulnerabilities-in-2019-had-available-exploit-code-or-a-proof-of-concept/

Today we released our 2019 Year End Vulnerability QuickView Report
which encompasses the trends occurring within the computer
vulnerability disclosure landscape. Our VulnDB team aggregated 22,316
newly-disclosed vulnerabilities during 2019, finding that 37.26% had
available exploit code or a Proof of Concept and that 33.43% of all
vulnerabilities in 2019 had a CVSSv2 score of 7.0 and above.

Risk Based Security also identified a total of 302 vulnerabilities in
Electronic Voting Machines (EVMs), 289 of which have no known
solution.

“As with any device that relies on code, there are vulnerabilities
that can affect the system’s integrity and you don’t want anyone
tampering with them. Only 13 EVM vulnerabilities have a known
solution. To make matters worse, of those, only one has a CVE ID
assigned and can be found cataloged in the U.S. National Vulnerability
Database.

EVMs with vulnerabilities have been used in past elections, and will no
doubt be used again in our next elections. It doesn’t matter what
politics or beliefs you subscribe to; the essence of democracy is a
free, fair and secure election that captures the will of the people.
The lack of visibility on this issue should be of deep concern to
every American.”

Brian Martin, VP of Vulnerability Intelligence, Risk Based Security

The full research is highlighted in the just-released 2019 Year End
Vulnerability QuickView Report. Additional key findings comment on the
increasing number of vulnerability disclosures being released on the
same day due to “Patch Tuesday”. Despite initial good intentions,
“Patch Tuesday” is turning into a nightmare for many organizations,
with 2019 reaching an all-time high of 327 vulnerabilities being
disclosed in a single day.

About the QuickView Report and VulnDB

The quarterly Vulnerability QuickView report is a service of VulnDB,
which is the world’s most comprehensive, detailed and timely source of
vulnerability intelligence and third-party library monitoring.

It provides actionable intelligence about the latest in security
vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and
e-mail alerting. Leveraging VulnDB is simpler than ever with our
connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity,
Brinqa, Device42, Recorded Future, and more.
