Vulnerabilities Disclosed in Q1 2020 Decreased by 19.8%
May 28, 2020 • RBS
Today we released our 2020 Q1 Vulnerability QuickView Report, which revealed that the number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years. Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic, though its precise impact may not be known for another year.
“Although the pandemic has already brought unprecedented changes to all walks of life, it is difficult to predict precisely how it will impact vulnerability disclosures this year.
It is possible, as we’ve seen with data breaches, that some researchers and companies may be slower to disclose vulnerabilities. Between drastic changes in work environments and a global pandemic, vulnerability disclosure totals may be directly impacted.”
Brian Martin, Vice President of Vulnerability Intelligence, RBS
Despite the lower total number of vulnerability disclosures in Q1, security teams have their work cut out for them. We have identified 561 vulnerabilities that have a public exploit, yet do not have any detail in CVE. Worse, 60.2% of those vulnerabilities are remotely exploitable. This is problematic for many organizations that rely on security tools that are based on CVE data and have little in the way of detection and mitigation.
“Those vulnerabilities include issues such as remote authentication bypass, stored XSS, SQL injection, information disclosure, denial of service, and more. Some of these vulnerabilities are present in software from Symantec, Apple, Atlassian, ManageEngine, Nextcloud, Jetbrains, and IBM to name a few. That should give pause to anyone who has to come up with a mitigation strategy where patching ‘in the right order’ becomes a key strategy.”
Brian Martin, Vice President of Vulnerability Intelligence, RBS
The 2020 Q1 Vulnerability QuickView Report covers vulnerabilities disclosed between January 1, 2020 and March 31, 2020.
About the QuickView Report and VulnDB
The quarterly Vulnerability QuickView report is a service of VulnDB, which is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring.
It provides actionable intelligence about the latest in security vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42, Recorded Future, and more.