2020 vulnerabilities are on target to match or exceed last year as routine Patch Tuesday events begin to reach volumes comparable to January’s Vulnerability Fujiwhara.
RICHMOND, VA, November 9, 2020 — Risk Based Security today released its 2020 Q3 Vulnerability QuickView Report, revealing that the number of vulnerability disclosures is back on track to reach or surpass 2019 as we head into 2021.
Risk Based Security’s VulnDB® team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a 4.6% gap when compared to last year. Earlier in 2020, however, that gap was a sharp decline of 19.2%.
“At the end of Q1 this year, we saw what appeared to be a sharp decline in vulnerability disclosures as compared to 2019, dropping by 19.2%. Statistically that is huge,” commented Brian Martin, Vice President of Vulnerability Intelligence at Risk Based Security. “However, as 2020 continues, we are starting to see just how large an impact the pandemic has had on vulnerability disclosures.”
The report goes into further detail on what that impact is and how the gap in vulnerability reporting has been rapidly closing. Contributing factors include researchers and organizations returning to their old routines, as well as the Vulnerability Fujiwhara observed earlier this year. However, the main contributor to the closing gap is “regular” Patch Tuesday events.
“Patch Tuesdays have grown to be serious undertakings and may represent an incredible burden on IT teams that can last weeks during remediation efforts,” Mr. Martin concluded. “It goes without saying that as Patch Tuesday workloads increase, the time needed for remediation will follow suit. Even though the Fujiwhara storms have settled, we are starting to see that “regular” Patch Tuesdays are consistently reaching volumes comparable to January’s event. For organizations who are still relying solely on CVE/NVD, they may find that their timeline may be further extended as the number of vulnerabilities “missed” by MITRE remains consistent.”
The 2020 Q3 Vulnerability QuickView Report covers vulnerabilities disclosed between January 1, 2020 and September 30, 2020.
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB has published integrations with over a dozen security platforms, including JFrog, Splunk, ServiceNow, Brinqa, Recorded Future and RSA Archer. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple-to-understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk profile and cost of ownership.
For more information, please visit:
or call 855-RBS-RISK