Jul 30, 2022

2022-1H State of Vulnerability Intelligence

Half of 10.0 CVSS vulnerabilities reported so far in 2022 scored incorrectly.


Notes:

  • NVD failed to report 27.3% of CVE (11,860 vulns).
  • 52% of all 10.0 CVSS (v2) vulns reported in 2022 are scored incorrectly.
  • CVSS v3.1 is better refined for IoT vulns.
  • Large gap between what the CVSS model identifies as critical and the vulnerabilities that require immediate attention.
  • EPSS aims to address the CVSS model's issue of inaccuracy, and save time in patch management.
  • The EPSS model can increase the efficiency of patch management from 5% to 42.5%.


Links:

  • https://flashpoint.io/resources/report/state-of-vulnerability-intelligence-2022-midyear/