[BreachExchange] Vulnerabilities Disclosed in Q1 2020 Decreased by 19.8%

Destry Winant destry at riskbasedsecurity.com
Thu May 28 09:23:47 EDT 2020


https://www.riskbasedsecurity.com/2020/05/28/vulnerabilities-disclosed-in-q1-2020-decreased-by-19-8/

Today we released our 2020 Q1 Vulnerability QuickView Report, which
revealed that the number of vulnerabilities disclosed in Q1 2020 has
decreased by 19.8% compared to Q1 2019, making this likely the only true
dip observed within the last 10 years. Many factors have been identified as
potential contributors to this decline, including the COVID-19 pandemic,
though its precise impact may not be known for another year.

“Although the pandemic has already brought unprecedented changes to all
walks of life, it is difficult to predict precisely how it will impact
vulnerability disclosures this year.

It is possible, as we’ve seen with data breaches, that some researchers and
companies may be slower to disclose vulnerabilities. Between drastic
changes in work environments and a global pandemic, vulnerability
disclosure totals may be directly impacted.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

Despite the lower total number of vulnerability disclosures in Q1, security
teams have their work cut out for them. We have identified 561
vulnerabilities that have a public exploit, yet do not have any detail in
CVE. Worse, 60.2% of those vulnerabilities are remotely exploitable. This
is problematic for many organizations that rely on security tools that are
based on CVE data and have little in the way of detection and mitigation.

“Those vulnerabilities include issues such as remote authentication bypass,
stored XSS, SQL injection, information disclosure, denial of service, and
more. Some of these vulnerabilities are present in software from Symantec,
Apple, Atlassian, ManageEngine, Nextcloud, JetBrains, and IBM to name a
few. That should give pause to anyone who has to come up with a mitigation
strategy where patching ‘in the right order’ becomes a key strategy.”

Brian Martin, Vice President of Vulnerability Intelligence, RBS

The 2020 Q1 Vulnerability QuickView Report covers vulnerabilities disclosed
between January 1, 2020 and March 31, 2020.

Get your copy of the 2020 Vulnerability QuickView Report
<https://pages.riskbasedsecurity.com/en/2020-q1-vulnerability-quickview-report>

About the QuickView Report and VulnDB

The quarterly Vulnerability QuickView report is a service of VulnDB, which
is the world’s most comprehensive, detailed and timely source of
vulnerability intelligence and third-party library monitoring.

It provides actionable intelligence about the latest in security
vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and
e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors
to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42,
Recorded Future, and more.