Date: 2020-12-16

Total Published CVEs Hits Record High for Fourth Year

The past 12 months have seen a record number of CVEs published by the US authorities, the fourth year in a row volumes have risen.

As of December 15, the number of vulnerabilities in production code discovered and assigned a CVE number by the US-CERT Vulnerability Database topped the 2019 figure.

Last year there were 17,306 CVEs published, including 4337 high-risk, 10,956 medium-risk and 2013 low-risk flaws. As of yesterday, 17,447 were recorded in total, including 4168 high-risk, 10,710 medium-risk and 2569 low-risk bugs.

Between 2005 and 2016, numbers ranged from around 4000 to 8000 vulnerabilities each year, according to the official figures from the National Institute of Standards and Technology (NIST)’s National Vulnerability Database.

However, in 2017 the number skyrocketed to over 14,000, and each year since, published volumes have hit a record high.

K2 Cyber Security, which noticed the recent record spike, argued that the pandemic may have had an impact on disclosures this year.

“Companies still struggle to find the balance between getting applications to market quickly, and securing their code. The COVID-19 pandemic is a major factor this year,” argued the vendor’s co-founder and CEO, Pravin Madhani.

“It's pushed many organizations to rush getting their applications to production; they run less QA cycles, and use more third-party, legacy, and open source code, which is a key risk factor for increased vulnerabilities.”

To mitigate these risks, DevOps teams should shift security as far left in the lifecycle as possible, while sysadmins should patch as soon as they can to ensure operating systems and critical software are up-to-date, he said.

“Finally, it’s important to have a security framework that offers a defense-in-depth architecture. It’s time to take a hint from the recent finalization of NIST’s SP800-53 that was just released on September 23,” said Madhani.

“The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.”
