
Total Published CVEs Hits Record High for Fourth Year

File_closed07

The past 12 months have seen a record number of CVEs published by the US authorities, the fourth year in a row volumes have risen.

As of December 15, the number of vulnerabilities in production code discovered and assigned a CVE number by the US-CERT Vulnerability Database topped the 2019 figure.

Last year there were 17,306 CVEs published, including 4337 high-risk, 10,956 medium-risk and 2013 low-risk flaws. As of yesterday, 17,447 were recorded in total, including 4168 high-risk, 10,710 medium-risk and 2569 low-risk bugs.

Between 2005 and 2016, numbers ranged from around 4000 to 8000 vulnerabilities each year, according to the official figures from the National Institute of Standards and Technology (NIST)’s National Vulnerability Database.

However, in 2017 the number skyrocketed to over 14,000, and each year since, published volumes have hit a record high.

K2 Cyber Security, which noticed the recent record spike, argued that the pandemic may have had an impact on disclosures this year.

“Companies still struggle to find the balance between getting applications to market quickly, and securing their code. The COVID-19 pandemic is a major factor this year,” argued the vendor’s co-founder and CEO, Pravin Madhani.

“It's pushed many organizations to rush getting their applications to production; they run less QA cycles, and use more third-party, legacy, and open source code, which is a key risk factor for increased vulnerabilities.”

To mitigate these risks, DevOps teams should shift security as far left in the lifecycle as possible, while sysadmins should patch as soon as they can to ensure operating systems and critical software are up-to-date, he said.

“Finally, it’s important to have a security framework that offers a defense-in-depth architecture. It’s time to take a hint from the recent finalization of NIST’s SP800-53 that was just released on September 23,” said Madhani.

“The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.”
 