More Than 10K Recorded Vulnerabilities in 2018: The number of recorded vulnerability disclosures continues to rise, with 10,644 published throughout the first half of 2018 by Risk Based Security’s VulnDB team. That total is reportedly around 3,279 more vulnerabilities than were listed on CVE/NVD, according to the 2018 Mid-Year VulnDB QuickView Report.
The number reflects only a 1% increase compared to last year. Of those discovered in the first six months of 2018, 73% of vulnerabilities have a documented solution, while only 32.1% have public exploits; however, 50% of vulnerabilities can be exploited remotely.
Of the vulnerabilities disclosed, 16.6% scored 9.0 or higher on the CVSSv2 scale. Nearly half (48.2%) of the vulnerabilities were disclosed through coordinated disclosure, yet only 13.1% of those coordinated disclosures were through bug bounty programs.
“An important and compelling statistic is that of the 3,279 vulnerabilities not reported by CVE/NVD, 44.2% have CVSSv2 scores between 9.0 and 10 (high to critical severity).
While criteria other than just CVSS scores are important to consider when managing and prioritizing vulnerabilities, it is highly problematic if an organization is not aware of higher-severity vulnerabilities that pose a risk to their assets,” said Carsten Eiram, chief research officer for Risk Based Security.
“We continue to see a surprising number of companies still relying on CVE and NVD for vulnerability tracking, despite the US government-funded organization’s continued underrepresentation of identifiable vulnerabilities,” said Brian Martin, VP of vulnerability intelligence for Risk Based Security.
“While some contend that the CVE/NVD solution is ‘good enough,’ the number of data breaches based on hacking points to a different conclusion. In today’s hostile computing environment, with nonstop attacks from around the world, organizations using subpar vulnerability intelligence are taking on significant risk needlessly.”