Just finished reading the full analysis report from Redscan. Although more vulnerabilities are on rise, there are still more positive signs based on the analysis. Here're some key takeaways:
- Total of 18,103 vulnerabilities were disclosed in 2020
- 57% 10,342) of vulnerabilities in 2020 were classified as being ‘critical’ or ‘high’ severity
- Vulnerabilities which require no user interaction to exploit are also increasing, representing 68% of all CVEs recorded in 2020
- Vulnerabilities which require no user privileges to exploit are on the decline (from 71% in 2016 to 58% in 2020)
Threat Intelligence data for Vulnerability Management:
- Many CVEs are never or rarely exploited in the real world because they are too complex or require attackers to have access to high level privileges.
- Identifying which vulnerabilities to prioritise is a perennial challenge for Cybersecurity, especially as the number of CVEs only continues to grow.
CVEs recorded by NIST NVD (1995-2020) |