[BreachExchange] VulnDB Now Has Over 80,000 Vulnerabilities You Likely Didn’t Know About

Destry Winant destry at riskbasedsecurity.com
Mon Feb 8 10:25:51 EST 2021


https://www.riskbasedsecurity.com/2021/02/02/vulndb-now-has-over-80000-vulnerabilities-you-likely-didnt-know-about/

VulnDB has many attributes that set it apart from other vulnerability
databases. We have written extensively about some of these including
timeliness, historical data, extensive metadata, product ratings, social
risk scores and more. One of the things that we at Risk Based Security and
our VulnDB team specifically take pride in is the number of
vulnerabilities we have aggregated that do not have a CVE ID. That single
number is a simple yet effective way to show just how much more extensive
our vulnerability intelligence is, and it is a good bet that your
organization is in the dark.

To put it simply: if your organization has an important asset, let’s name
it SquirrelPC, and your vulnerability scanner says there are 10
vulnerabilities in it, your team is only able to react to that information.
You may upgrade to the version believed to fix all ten vulnerabilities that
you are aware of at the time. But what if, in reality, there are at least
13 vulnerabilities, and you are still vulnerable to three of them? There is
no way to know when dealing with limited intelligence! That is just one of
the reasons why you want broad vulnerability coverage for your
vulnerability management program, from a team of industry experts
proactively looking for that information. And that is exactly what VulnDB
does. We scour thousands of sources every day looking for information you
need to make the best risk-based decisions.

At the start of 2020, VulnDB included around 72,000 vulnerabilities that
did not have a CVE identifier. We add more almost every day during our
aggregation efforts. Sometimes that might just be one or two, while other
days it may be closer to our average of 22. The biggest single day increase
in 2020 was a whopping 95 vulnerabilities that MITRE and the CVE/NVD
ecosystem missed. That is a disservice to organizations that use security
products that blindly trust CVE/NVD data.

VulnDB has now crossed the milestone of 80,000 aggregated vulnerabilities
without a CVE ID, and it’s a mark of pride for our research team. We take
vulnerability intelligence seriously and that is one of many ways we know
that we’re providing an important service to our clients. Of course, 80,000
is just as arbitrary as 31,337 or 57,923. The reality is that it only takes
one missed vulnerability for an organization to have a very bad time, and
possibly wind up in Cyber Risk Analytics as the next breached company. But
80k is a nice round number so we celebrated it all the same and will
continue to track every vulnerability that we can find!

Hungry for more insights on the Vulnerability landscape? Look out for our
2020 Year End Vulnerability QuickView report, coming mid-February.

See how VulnDB can fuel your vulnerability management program with 80,000
vulnerabilities without CVE.

Request a Demo <https://www.riskbasedsecurity.com/contact/>