200,000th Vulnerability Added To VulnDB (And Why You Should Care)
March 29, 2019 • RBS
RICHMOND, VA, March 29, 2019 — Risk Based Security today announced the addition of the 200,000th vulnerability to VulnDB, the preeminent database of vulnerability intelligence. This significant record highlights the scale of the security challenges faced by organizations, and the sheer volume of data that they need to be able to process.
“With over 4,800 new vulnerabilities already disclosed in 2019, we are seeing an early indication that the security problems organizations have been facing aren’t going away this year, or anytime soon,” commented Jake Kouns, CISO for Risk Based Security.
The 200,000th addition is a reflected cross-site scripting (XSS) vulnerability [VulnDB ID 201564] in the popular Malware Information Sharing Platform (MISP). This milestone reflects the steady and ongoing disclosure of vulnerabilities in every type of software, even that which is designed to help achieve security.
The recently published 2018 Year End Vulnerability QuickView Report found that there were more than 22,000 new vulnerabilities disclosed in 2018. Risk Based Security’s VulnDB research team works hard to track any vulnerability, but most important are the issues that could impact their customers. Their focus on having the broadest and most detailed intelligence possible has led VulnDB to catalogue 33% more disclosed vulnerabilities than are tracked by the industry-standard public sources, Common Vulnerabilities and Exposures (CVE) or the National Vulnerability Database (NVD). With over 66,000 additional vulnerabilities captured only in VulnDB, it provides organizations with the intelligence they need to make more informed risk decisions.
The wider implication is clear: without better data, organizations cannot accurately prioritize critical issues. Risk Based Security’s mission is to ensure their clients have access to the data they require. “To understand what motivates us, look no further than our company name,” commented Jake Kouns. “We provide a platform and superior intelligence so our clients can make Risk Based Security decisions on how to better handle vulnerabilities and understand the vendor and products they rely on.”
“As the tools that help researchers find vulnerabilities improve, and as that pool of researchers grows, the rate of disclosures will continue to rise. Organizations will be forced to dedicate more time and resources to keep up with the risks posed,” said Brian Martin, VP of Vulnerability Intelligence at Risk Based Security.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems.
VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and 3rd-party libraries or dependencies. It features simple-to-understand ratings and metrics on an organization’s vendors and products, and shows how each contributes to the organization’s risk profile and cost of ownership.
VulnDB, by the numbers:
- 200,000 vulnerabilities all time and growing
- Over 4,900 vulnerabilities YTD 2019
- Over 66,000 vulnerabilities missing from CVE
- Over 22,000 vendors included
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Their products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, the YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.