2015 was a record year for vulnerabilities disclosed!
RBS research shows that with the increased amount of vulnerabilities publicly disclosed, it is critical that organizations truly understand the quality and timeliness of the vulnerability intelligence used in the security products they rely upon. At best, vulnerability scanners, firewalls, intrusion prevention/detection systems, government directives, and other security products built using NVD/CVE will discover less than 60% of the vulnerabilities reported in 2015.
We are pleased to release our VulnDB QuickView Report that highlights the vulnerabilities captured by Risk Based Security in 2015, as compared to previous years.
Here are a few highlights from the report:
- 14,185 vulnerabilities reported in 2015 – A high mark, and over 6,000 more vulnerabilities than NVD/CVE.
- 20% of 2015’s vulnerabilities received CVSS scores between 9.0 and 10.0
- Total number of 2015 vulnerabilities reflects 77% increase compared to the record low (8,014) reported in 2011.
- 37.8% of 2015 vulnerabilities have public exploits.
- Vulnerabilities disclosed in a coordinated fashion with the vendor rose to 42% in 2015 compared to 28% in 2014.