Date:20/02/18
The figures from the company's own VulnDB eclipsed the total covered by MITRE's Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900.
These vulnerabilities published by VulnDB in 2017 that are not found in CVE/NVD, impact products that are widely used in all sizes of organizations.
"Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year," says Brian Martin, VP of vulnerability intelligence for Risk Based Security. "While some argue that the CVE/NVD solution is 'good enough', that simply isn't the case. Just look at the number of web and computer hacking data breaches reported on a regular basis. In addition to a false sense of security, the 'good enough' mindset often leads some to believe that the important vulnerabilities are covered, and that isn't the case either."
Web-related issues account for over half of all vulnerabilities disclosed last year, 31.5 percent had public exploits, and 24.1 percent had no solution at the time of the report. The VulnDB QuickView report also reveals that while relationships between researchers and vendors can at times appear strained, they are continuing to attempt to work together. Vulnerabilities disclosed in a coordinated fashion with vendors was relatively consistent at 44.8 percent, compared to 45.6 percent in 2016.
"Organizations that track and triage vulnerability patching saw no relief in 2017, as it was yet another record-breaking year for vulnerability disclosures," Martin adds. "The increasingly difficult task of protecting digital assets has never been so critical to businesses as we continue to see a rise in compromised organizations and data breaches. If your vulnerability intelligence solution didn’t offer information on the more than 20,000 vulnerabilities disclosed in 2017, your organization is at an increased risk."
2017 breaks record for new vulnerabilities
More than 20,000 new vulnerabilities were cataloged in 2017 according to breach analysis specialist Risk Based Security.The figures from the company's own VulnDB eclipsed the total covered by MITRE's Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900.
These vulnerabilities published by VulnDB in 2017 that are not found in CVE/NVD, impact products that are widely used in all sizes of organizations.
"Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year," says Brian Martin, VP of vulnerability intelligence for Risk Based Security. "While some argue that the CVE/NVD solution is 'good enough', that simply isn't the case. Just look at the number of web and computer hacking data breaches reported on a regular basis. In addition to a false sense of security, the 'good enough' mindset often leads some to believe that the important vulnerabilities are covered, and that isn't the case either."
Web-related issues account for over half of all vulnerabilities disclosed last year, 31.5 percent had public exploits, and 24.1 percent had no solution at the time of the report. The VulnDB QuickView report also reveals that while relationships between researchers and vendors can at times appear strained, they are continuing to attempt to work together. Vulnerabilities disclosed in a coordinated fashion with vendors was relatively consistent at 44.8 percent, compared to 45.6 percent in 2016.
"Organizations that track and triage vulnerability patching saw no relief in 2017, as it was yet another record-breaking year for vulnerability disclosures," Martin adds. "The increasingly difficult task of protecting digital assets has never been so critical to businesses as we continue to see a rise in compromised organizations and data breaches. If your vulnerability intelligence solution didn’t offer information on the more than 20,000 vulnerabilities disclosed in 2017, your organization is at an increased risk."
Views: 426
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World