Vulnerability reporting is returning to normal
2020-08-28 05:00

Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals.

Out of 11,121 vulnerabilities aggregated during the first half of 2020, 818 were the result of the Vulnerability Fujiwhara Effect, a term that describes the events when Microsoft and Oracle vulnerability disclosure schedules collide.

"Risk Based Security sounded the alarm back in January. We knew that these events would undoubtedly become a significant strain for IT staff and Vulnerability Managers," commented Brian Martin, Vice President of Vulnerability Intelligence at Risk Based Security.

Windows 10 was the product with the most disclosed vulnerabilities by the end of Q2. A growing concern is that, despite the high number of Microsoft vulnerabilities and the Vulnerability Fujiwhara, 29.3% of all vulnerabilities disclosed during the first half of 2020 do not have a CVE ID, with 3.3% being in RESERVED status, meaning that information for those vulnerabilities is not available within the CVE/NVD database.

"The bare minimum metadata found within NVD is not enough for organizations to properly prioritize and remediate. Organizations are increasing their own risk by relying on CVE to provide complete and timely data. The current level of vulnerability disclosures organizations face on a daily basis are more than CVE can handle, and it will only get worse."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/2bxyOqwNfL4/