Feb 20, 2021

Analysis of NIST NVD Vulnerabilities in 2020

Just finished reading the full analysis report from Redscan. Although vulnerabilities are on the rise, there are still positive signs in the analysis. Here are some key takeaways:

  • A total of 18,103 vulnerabilities were disclosed in 2020
  • 57% (10,342) of vulnerabilities in 2020 were classified as being ‘critical’ or ‘high’ severity
  • Vulnerabilities which require no user interaction to exploit are also increasing, representing 68% of all CVEs recorded in 2020
  • Vulnerabilities which require no user privileges to exploit are on the decline (from 71% in 2016 to 58% in 2020)

Threat Intelligence data for Vulnerability Management:

  1. Many CVEs are never or rarely exploited in the real world because they are too complex or require attackers to have access to high-level privileges.
  2. Identifying which vulnerabilities to prioritise is a perennial challenge for cybersecurity, especially as the number of CVEs only continues to grow.
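
The percentages above map onto CVSS v3 vector fields (UI for user interaction, PR for privileges required, AC for attack complexity), so the same breakdown and a first-pass priority list can be computed from any CVE export. The following is an added example, not code from Redscan or from the report; the records use placeholder IDs and constructed vectors, and the shortlist rule (high or critical score with AC:L, PR:N, UI:N) is an assumption for illustration.

```python
# Added example: summarise and triage CVE records by CVSS v3.1 metrics.
# SAMPLE is constructed data with placeholder IDs, not real CVEs.
SAMPLE = [
    ("CVE-0000-0001", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0002", 8.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0003", 7.2, "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0004", 8.1, "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-0000-0005", 4.3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"),
]

def parse_vector(vector):
    """Split a CVSS v3.x vector string into a {metric: value} dict."""
    prefix, _, rest = vector.partition("/")
    if not prefix.startswith("CVSS:3"):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = dict(part.split(":", 1) for part in rest.split("/"))
    missing = {"AV", "AC", "PR", "UI"} - metrics.keys()
    if missing:
        raise ValueError(f"vector lacks {sorted(missing)}")
    return metrics

def share(records, predicate):
    """Percentage of records matching predicate, rounded to a whole number."""
    return round(100 * sum(1 for r in records if predicate(r)) / len(records))

def summarize(records):
    """Reproduce the report-style breakdown for a set of records."""
    parsed = [(cid, score, parse_vector(v)) for cid, score, v in records]
    return {
        "high_or_critical_pct": share(parsed, lambda r: r[1] >= 7.0),
        "no_user_interaction_pct": share(parsed, lambda r: r[2]["UI"] == "N"),
        "no_privileges_pct": share(parsed, lambda r: r[2]["PR"] == "N"),
    }

def shortlist(records, min_score=7.0):
    """IDs scored high/critical that need no privileges, no user
    interaction and only low attack complexity, highest score first."""
    hits = []
    for cid, score, vector in records:
        m = parse_vector(vector)
        if score >= min_score and (m["AC"], m["PR"], m["UI"]) == ("L", "N", "N"):
            hits.append((score, cid))
    return [cid for _, cid in sorted(hits, reverse=True)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(shortlist(SAMPLE))
```

A vector-based shortlist only narrows the queue; evidence of real-world exploitation from threat intelligence still decides the final order.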

 

CVEs recorded by NIST NVD (1995-2020)


Links: