You are focusing too much on vulnerabilities that pose little danger
2020-03-02 05:00

Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study.

An analysis of the 20 most popular container images on DockerHub found that 50% of vulnerabilities were never loaded into memory and therefore did not pose a threat, regardless of their Common Vulnerability Scoring System (CVSS) scores and despite the vast budget and manpower spent on patching or mitigation.

Firms with good security posture are breached by known vulnerabilities just as much as firms with poor security posture.

"A vulnerability is only as dangerous as the threat exploiting it and in some instances during our research, we found the figure dropped to as low as 2%. By focusing on actual vs. perceived risk, we found the security industry has been unnecessarily exaggerating the number of vulnerabilities security teams must address, which has dangerous ramifications to the cloud security landscape," said Shlomi Boutnaru, CTO at Rezilion.

"A continuous adaptive risk and trust assessment-based approach reduces friction and overhead by identifying vulnerabilities running in memory and then prioritizing treatment to those vulnerabilities commonly targeted by hackers as well as any that don't have mitigations."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/BKWUgy-nLD4/