15,000 Vulnerabilities Catalogued in 2016, CVE Flaws Exceeded

15,000 Vulnerabilities Catalogued in 2016, CVE Flaws Exceeded

2016 has seen the biggest volume of vulnerabilities as revealed by a new report. 15,000 flaws have been catalogued by Risk Based Security. The volume outnumbers the flaws covered by CVE and National Vulnerability Database by more than 6,500, HelpNet Security reported.

Related: Android Tops the 2016 Top 50 Vulnerabilities List with 523 Bugs

Vulnerabilities in 2016 Reach New Heights

According to Carsten Eiram, Chief Research Officer of Risk Based Security:

Another record-breaking year in the number of vulnerabilities disclosed underlines the importance of relying on a proper vulnerability intelligence solution. For most companies, tracking vulnerabilities affecting their infrastructure has become a daunting task that is either too big to handle on their own or simply not financially viable compared to out-sourcing the tracking.

The expert also points out that a prevalent number of companies still rely on CVE (Common Vulnerabilities and Exposures) for bug tracking. However, this may not be the best way since it gives companies “a false sense of security having them think they’ve got the most important vulnerabilities covered.”

The truth is a bit different. Almost half (6,659) of the flaws published in 2016 are not found in CVE/NVD. Unfortunately, the flaws in question are present in popular products. More than 1,391 of these vulnerabilities got CVSS (Common Vulnerability Scoring System) scores between 9.0 and 10.0.

Related: How to Steal a Tesla Car, the Android App Edition

What is worse is that CVE has covered only 8.2% of them in 2016. In addition, 1,945 of the CVE flaws in 2016 are still lacking details in the CVE database, hence missing from NVD. All of these numbers mean one thing – the number of vulnerabilities has been increasing steadily alongside the CVSS scores. 48,9% of the 2016 flaws are remotely exploitable, and other 32,8% of them had a public exploit.

Nonetheless, Risk Based Security also stresses on the fact that despite the difficulties in communication between vendors and researchers, they are continuing to work together towards improving the vulnerability environment. Fortunately, the numbers here are positive – flaws disclosed harmoniously increased to 44.9% last year.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Newsletter
Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.