[BreachExchange] New Research: 2020 Vulnerabilities Are on Target to Match or Exceed Last Year

Destry Winant destry at riskbasedsecurity.com
Thu Aug 27 10:23:38 EDT 2020


https://www.riskbasedsecurity.com/2020/08/27/new-research-2020-vulnerabilities-are-on-target-to-match-or-exceed-last-year/

Today we released our 2020 Mid Year Vulnerability QuickView Report
revealing that vulnerability reporting, still impacted by COVID-19, is
beginning to return to normal.

Our VulnDB® team aggregated 11,121 vulnerabilities disclosed during the
first half of 2020, and as the year progresses the total is expected to
exceed that of last year. Of those 11,121 vulnerabilities, 818 were the
result of the Vulnerability Fujiwhara Effect.

“We knew that these events would undoubtedly become a significant strain
for IT staff and Vulnerability Managers. Compared to other Patch Tuesdays
this year, the highest reported ‘only’ 273 new vulnerabilities.

However, during April’s Fujiwhara event we saw 506 new vulnerabilities
reported, 79% of which came from seven vendors. Unfortunately for all of
us, this is likely what we can expect to occur more frequently in the
future.

The sheer volume makes one wonder who actually benefits from this
all-at-once disclosure of vulnerabilities. Certainly not the paying
customers.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

The report goes further into the details of the disclosure landscape by
listing and breaking down the vendors and products with the highest
vulnerability counts. Most notable is Microsoft, which has seen a 150%
increase in the number of vulnerabilities disclosed during the first six
months of 2020 compared to the entirety of 2019. Windows 10 was the product
with the most disclosed vulnerabilities by the end of Q2.

A growing concern is that, despite the high number of Microsoft
vulnerabilities and the Vulnerability Fujiwhara, 30% of all vulnerabilities
disclosed during the first half of 2020 do not have a CVE ID, with 3% being
in RESERVED status, meaning that information for those vulnerabilities is
not available within the CVE/NVD database.

“Given the sheer amount of vulnerabilities disclosed, organizations relying
on CVE/NVD will struggle to find timely and actionable intelligence. The
bare minimum metadata found within NVD is not enough for organizations to
properly prioritize and remediate.

Organizations are increasing their own risk by relying on CVE to provide
complete and timely data. The current level of vulnerability disclosures
organizations face on a daily basis is more than CVE can handle, and it
will only get worse.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

The 2020 Mid Year Vulnerability QuickView Report covers vulnerabilities
disclosed between January 1, 2020 and June 30, 2020.

Get your copy of the 2020 Mid Year Vulnerability QuickView Report

For a focused look into 2020’s vulnerability disclosure trends, reserve
your spot in our webinar.

About the QuickView Report and VulnDB

The quarterly Vulnerability QuickView report is a service of VulnDB, which
is the world’s most comprehensive, detailed and timely source of
vulnerability intelligence and third-party library monitoring.

It provides actionable intelligence about the latest in security
vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and
e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors
to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42,
Recorded Future, and more.

Request a Demo <https://www.riskbasedsecurity.com/contact/>