
Vulnerability Intelligence and Trends Research

Download the complete Resource to continue to read the full research report @tenable

Vulnerability Intelligence and Trends Research Report, published by HiTechNectar

Throughout this report, we use the terms “vulnerability” and “CVE” interchangeably. Common Vulnerabilities and Exposures (CVE) is “a list of entries – each containing an identification number, a description and at least one public reference – for publicly known cybersecurity vulnerabilities.” A CVE identifier denotes a unique vulnerability, where “unique” may mean unique to a specific version on a given operating system rather than unique in general.

In reality, multiple CVEs can refer to the same “vulnerability” (e.g., a vulnerability affecting a browser available on multiple operating systems such as Microsoft Windows, Red Hat Enterprise Linux and SUSE Linux).

To ensure that we have comparable data for new and old vulnerabilities, whenever we refer to “CVSS” or “severity,” we are generally referring to CVSSv2, unless we state otherwise. We generally use CVSSv2 when comparing historical vulnerability data and CVSSv3 only when considering more recent ones, where CVSSv3 data is available.

Key Takeaways

The growth in new vulnerabilities continues unabated:

  • 15,038 new vulnerabilities were published to CVE in 2017 versus 9,837 in 2016, an increase of 53%.
  • The first half of 2018 shows an increase of 27% versus the first half of 2017. We are on track for 18,000–19,000 new vulnerabilities this year.

Prioritizing based on High severity or exploitability alone is becoming increasingly ineffective due to the sheer volume:

  • 54% of new CVEs in 2017 were rated as CVSSv3 7.0 (High) or higher.
  • Public exploits are available for 7% of vulnerabilities.
  • For vulnerabilities where both CVSS version 2 and 3 scores are available and a comparison is possible (mainly post-2016), CVSSv3 scores the majority of vulnerabilities as High or Critical (CVSSv2 31% versus CVSSv3 60%).
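The two severity scales compared above use different qualitative bands, which is one reason the same findings land in "High or above" far more often under CVSSv3. The following is an added example, not code from the Tenable report or from HiTechNectar: it maps v2 and v3 base scores to the NVD qualitative bands, measures the High-or-above share on findings that carry both scores (as the report's comparison does), and contrasts a severity-only and an exploit-only queue with a simple risk ranking. The identifiers (`example-NN`), scores, exploit flags, host counts and the `exploit_weight` factor are all constructed for illustration and are not data from the report.

```python
"""Added example (not code from the Tenable report): map CVSS v2 and v3 base
scores to NVD qualitative severity bands, measure how the "High or above"
share shifts between the two scales on the same findings, and rank findings
by a simple risk score instead of by severity or exploit availability alone.
All identifiers, scores, exploit flags and host counts below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def cvssv2_severity(score: float) -> str:
    """NVD qualitative bands for CVSSv2: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSSv2 base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def cvssv3_severity(score: float) -> str:
    """NVD qualitative bands for CVSSv3: None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSSv3 base score out of range: {score}")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


@dataclass(frozen=True)
class Finding:
    vuln_id: str                 # placeholder label, deliberately not a real CVE ID
    cvss_v2: float
    cvss_v3: Optional[float]     # None for older CVEs that were never rescored under v3
    public_exploit: bool
    affected_hosts: int          # prevalence in the (constructed) enterprise


# Constructed sample set standing in for a scan-result export.
SAMPLE: List[Finding] = [
    Finding("example-01", 6.8, 8.8, False, 120),
    Finding("example-02", 5.0, 7.5, True, 40),
    Finding("example-03", 4.3, 6.1, False, 300),
    Finding("example-04", 7.5, 9.8, True, 15),
    Finding("example-05", 10.0, 9.8, False, 5),
    Finding("example-06", 6.5, 8.8, False, 200),
    Finding("example-07", 2.1, 3.3, False, 50),
    Finding("example-08", 4.0, 5.5, False, 80),
    Finding("example-09", 7.2, 7.8, False, 10),
    Finding("example-10", 5.0, None, True, 250),
]


def share_high_or_above(findings: List[Finding]) -> Tuple[float, float]:
    """Share rated High or above under v2 and under v3, counted only over
    findings that carry both scores, as the report's v2/v3 comparison does."""
    both = [f for f in findings if f.cvss_v3 is not None]
    if not both:
        return (0.0, 0.0)
    v2_high = sum(1 for f in both if cvssv2_severity(f.cvss_v2) == "High")
    v3_high = sum(1 for f in both if cvssv3_severity(f.cvss_v3) in ("High", "Critical"))
    return (round(v2_high / len(both), 3), round(v3_high / len(both), 3))


def effective_score(f: Finding) -> float:
    """Prefer the v3 base score when present, otherwise fall back to v2."""
    return f.cvss_v3 if f.cvss_v3 is not None else f.cvss_v2


def filter_high_only(findings: List[Finding]) -> List[str]:
    """Severity-only triage: everything scoring 7.0 or above on its best-available scale."""
    return [f.vuln_id for f in findings if effective_score(f) >= 7.0]


def filter_exploit_only(findings: List[Finding]) -> List[str]:
    """Exploit-only triage: everything with a public exploit, regardless of severity or spread."""
    return [f.vuln_id for f in findings if f.public_exploit]


def prioritize(findings: List[Finding], top: int = 3, exploit_weight: float = 3.0) -> List[str]:
    """Risk-centric ranking with illustrative weights (an assumption, not the
    report's model): base score, multiplied when a public exploit exists,
    multiplied by the number of affected hosts. Ties break on ID for stable output."""
    def risk(f: Finding) -> float:
        return effective_score(f) * (exploit_weight if f.public_exploit else 1.0) * f.affected_hosts
    ranked = sorted(findings, key=lambda f: (-risk(f), f.vuln_id))
    return [f.vuln_id for f in ranked[:top]]


if __name__ == "__main__":
    v2, v3 = share_high_or_above(SAMPLE)
    print(f"High or above on the same findings: CVSSv2 {v2:.0%} vs CVSSv3 {v3:.0%}")
    print("severity-only queue:", filter_high_only(SAMPLE))
    print("exploit-only queue: ", filter_exploit_only(SAMPLE))
    print("risk-ranked top 3:  ", prioritize(SAMPLE))
```

On the constructed set the severity-only queue keeps six of ten findings, which is the scale problem the report describes, while the exploit-only queue drops the two findings with the widest footprint. The risk ranking surfaces `example-10`, which has no v3 score at all; any prioritization that silently discards findings lacking a v3 score (or lacking a CVE, see the comprehensiveness caveat below) will miss exactly these cases, so the fallback to v2 is deliberate.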

In this report, we provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. We analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight the vulnerabilities that security practitioners are dealing with in practice, not just in theory. Our study confirms that managing vulnerabilities is a challenge of scale, velocity and volume. It is not just an engineering challenge; it requires a risk-centric view to prioritize thousands of vulnerabilities that superficially all look the same.


Vulnerability Disclosure Trends

In this section of the resource, we look at current vulnerability disclosure trends. To denote specific vulnerabilities, we use Common Vulnerabilities and Exposures (CVE) IDs. CVE itself has some known issues, especially around comprehensiveness and timeliness, but it is considered an official standard by many and we use it here as a baseline.
