New Research: 2020 Vulnerabilities on Target to Match or Exceed Last Year
December 9, 2020 • RBS
Today, we released our new 2020 Q3 Vulnerability QuickView Report, revealing that the number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021.
Our VulnDB team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a 4.6% gap when compared to last year. However, earlier in 2020 that gap was instead a sharp decline of 19.2%.
“At the end of Q1 this year, we saw what appeared to be a shard decline in vulnerability disclosures as compared to 2019, dropping by 19.2%. Statistically that is huge. However, as 2020 continues, we are starting to see just how large an impact the pandemic has had on vulnerability disclosures.”Brian Martin, Vice President of Vulnerability Intelligence, RBS
The report goes further in detail on what the impact is and how the gap in vulnerability reporting has been rapidly closing. Several factors include researchers and organizations returning to their old routines, as well as the Vulnerability Fujiwhara observed earlier this year. However, the main contributor for the closing gap are “regular” Patch Tuesday events.
“Patch Tuesdays have grown to be serious undertakings and may represent an incredible burden on IT teams that can last weeks during remediation efforts. It goes without saying that as Patch Tuesday workloads increase, the time needed for remediation will follow suit.Brian Martin, Vice President of Vulnerability Intelligence, RBS
Even though the Fujiwhara storms have settled, we are starting to see that “regular” Patch Tuesdays are consistently reaching volumes comparable to January’s event. For organizations who are still relying solely on CVE / NVD, they may find that their timeline may be further extended as the number of vulnerabilities “missed” by MITRE remains consistent.”
The 2020 Q3 Vulnerability QuickView Report covers vulnerabilities disclosed between January 1, 2020 and September 30, 2020.
About the QuickView Report and VulnDB
The quarterly Vulnerability QuickView report is a service of VulnDB, which is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring.
It provides actionable intelligence about the latest in security vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42, Recorded Future, and more.