2016 saw the biggest volume of vulnerabilities to date, a new report reveals. Risk Based Security catalogued 15,000 flaws. That total exceeds the number of flaws covered by CVE and the National Vulnerability Database by more than 6,500, HelpNet Security reported.
Vulnerabilities in 2016 Reach New Heights
According to Carsten Eiram, Chief Research Officer of Risk Based Security:
Another record-breaking year in the number of vulnerabilities disclosed underlines the importance of relying on a proper vulnerability intelligence solution. For most companies, tracking vulnerabilities affecting their infrastructure has become a daunting task that is either too big to handle on their own or simply not financially viable compared to out-sourcing the tracking.
The expert also points out that a large number of companies still rely on CVE (Common Vulnerabilities and Exposures) for bug tracking. However, this may not be the best approach, since it gives companies “a false sense of security having them think they’ve got the most important vulnerabilities covered.”
The truth is a bit different. Almost half (6,659) of the flaws published in 2016 are not found in CVE/NVD. Unfortunately, the flaws in question are present in popular products. More than 1,391 of these vulnerabilities received CVSS (Common Vulnerability Scoring System) scores between 9.0 and 10.0.
What is worse is that CVE has covered only 8.2% of them in 2016. In addition, 1,945 of the CVE flaws in 2016 are still lacking details in the CVE database and are hence missing from NVD. All of these numbers mean one thing – the number of vulnerabilities has been increasing steadily alongside the CVSS scores. 48.9% of the 2016 flaws are remotely exploitable, and another 32.8% of them had a public exploit.
Nonetheless, Risk Based Security also stresses that, despite the difficulties in communication between vendors and researchers, they are continuing to work together towards improving the vulnerability environment. Fortunately, the numbers here are positive – the share of flaws disclosed harmoniously increased to 44.9% last year.