BreachExchange mailing list archives
37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 19 Feb 2020 09:21:10 -0600
https://www.riskbasedsecurity.com/2020/02/18/37-3-of-vulnerabilities-in-2019-had-available-exploit-code-or-a-proof-of-concept/

Today we released our 2019 Year End Vulnerability QuickView Report which encompasses the trends occurring within the computer vulnerability disclosure landscape. Our VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSSv2 score of 7.0 and above.

Risk Based Security also identified a total of 302 vulnerabilities in Electronic Voting Machines (EVMs), 289 of which have no known solution.

“As with any device that relies on code, there are vulnerabilities that can affect the system’s integrity and you don’t want anyone tampering with them. Only 13 EVM vulnerabilities have a known solution. To make matters worse, of those, only one has a CVE ID assigned and can be found cataloged in the U.S. National Vulnerability Database. EVMs with vulnerabilities have been used in past elections, and will no doubt be used again in our next elections. It doesn’t matter what politics or beliefs you subscribe to; the essence of democracy is a free, fair and secure election that captures the will of the people. The lack of visibility on this issue should be of deep concern to every American.”

Brian Martin, VP of Vulnerability Intelligence, Risk Based Security

The full research is highlighted in the just released 2019 Year End Vulnerability QuickView Report. Additional key findings comment on the increasing amount of vulnerability disclosures being released on the same day due to “Patch Tuesday”. Despite initial good intentions, “Patch Tuesday” is turning into a nightmare for many organizations, with 2019 reaching an all-time high of 327 vulnerabilities being disclosed in a single day.

Get your copy of the 2019 Year End Vulnerability QuickView Report

About the QuickView Report and VulnDB

The quarterly Vulnerability QuickView report is a service of VulnDB, which is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring. It provides actionable intelligence about the latest in security vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42, Recorded Future, and more.