BreachExchange mailing list archives
Nearly 10,000 Vulnerabilities Disclosed So Far In 2017 – Major Vendors Continue To Be Affected
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Thu, 27 Jul 2017 08:18:22 -0500
https://www.riskbasedsecurity.com/2017/07/nearly-10000-vulnerabilities-disclosed-so-far-in-2017-major-vendors-continue-to-be-affected/

Risk Based Security today announced the release of its Mid-2017 VulnDB QuickView report <https://pages.riskbasedsecurity.com/2017-midyear-vulnerability-quickview-report> that shows there have been 9,690 vulnerabilities disclosed through June 30th. This is the highest number of disclosed vulnerabilities at the mid-year point on record. The 9,690 vulnerabilities cataloged during the first six months of 2017 by Risk Based Security eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by over 4,000.

“Another important statistic is that of the 4,092 vulnerabilities not reported by CVE/NVD, 3,806, or 93.0%, have CVSSv2 scores of 4.0 (Medium Severity) and above. This is highly problematic since PCI compliance requires medium severity vulnerabilities and above to be mitigated. If your organization or the vulnerability scanning company you rely upon is using CVE/NVD for vulnerability intelligence your infrastructure is at risk”, said Carsten Eiram, Chief Research Officer for Risk Based Security.

“With reported data breaches on the rise in 2017 at nearly 2,300 through June, and 41% of those breaches caused by hacking, this is no time to use an inferior vulnerability intelligence feed to protect your assets”, added Eiram.

The newly released 2017 Mid-year 2017 report <https://pages.riskbasedsecurity.com/2017-midyear-vulnerability-quickview-report> from Risk Based Security shows that 21.1% of reported vulnerabilities received CVSSv2 scores between 9.0 and 10.0, nearly identical to the percentage observed in 2016. This means that not only is the number of vulnerabilities on the rise, but the severity of the vulnerabilities disclosed remains high.

The VulnDB QuickView report also revealed that while relationships between researchers and vendors can at times appear strained, they are continuing to attempt to work together. Vulnerabilities disclosed in a coordinated fashion with vendors remain high at around 42%, just slightly lower than 2016.

“One final point about the criticality of having access to comprehensive and timely vulnerability intelligence, of the vulnerabilities not reported in CVE/NVD in 2017, 47.4% have a publicly disclosed exploit or sufficient details to trivially create one”, says Eiram.

*About the VulnDB QuickView Report*

The VulnDB QuickView report is possible through the research conducted by Risk Based Security <https://vulndb.cyberriskanalytics.com/>. It is designed to provide an executive level summary of the key findings from RBS’ analysis of vulnerabilities disclosed in 2017. Contact Risk Based Security for any specific analysis of the 2017 vulnerabilities of specific interest to your organization.

You can get your copy of the 2017 Mid-year 2017 VulnDB QuickView Report here: https://pages.riskbasedsecurity.com/2017-midyear-vulnerability-quickview-report