2016 has seen the biggest volume of vulnerabilities as revealed by a new report. 15,000 flaws have been catalogued by Risk Based Security. The volume outnumbers the flaws covered by CVE and National Vulnerability Database by more than 6,500, HelpNet Security reported.
Vulnerabilities in 2016 Reach New Heights
According to Carsten Eiram, Chief Research Officer of Risk Based Security:
Another record-breaking year in the number of vulnerabilities disclosed underlines the importance of relying on a proper vulnerability intelligence solution. For most companies, tracking vulnerabilities affecting their infrastructure has become a daunting task that is either too big to handle on their own or simply not financially viable compared to out-sourcing the tracking.
The expert also points out that a prevalent number of companies still rely on CVE (Common Vulnerabilities and Exposures) for bug tracking. However, this may not be the best way since it gives companies “a false sense of security having them think they’ve got the most important vulnerabilities covered.”
The truth is a bit different. Almost half (6,659) of the flaws published in 2016 are not found in CVE/NVD. Unfortunately, the flaws in question are present in popular products. More than 1,391 of these vulnerabilities got CVSS (Common Vulnerability Scoring System) scores between 9.0 and 10.0.
What is worse is that CVE has covered only 8.2% of them in 2016. In addition, 1,945 of the CVE flaws in 2016 are still lacking details in the CVE database, hence missing from NVD. All of these numbers mean one thing – the number of vulnerabilities has been increasing steadily alongside the CVSS scores. 48,9% of the 2016 flaws are remotely exploitable, and other 32,8% of them had a public exploit.
Nonetheless, Risk Based Security also stresses on the fact that despite the difficulties in communication between vendors and researchers, they are continuing to work together towards improving the vulnerability environment. Fortunately, the numbers here are positive – flaws disclosed harmoniously increased to 44.9% last year.