Security News > 2021 > February > Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild
While the infosec industry is used to reading FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 - despite 18,000 new CVEs being created.
Kenna Security, a US infosec firm, reckons that despite thousands of vulnerabilities being assigned a Common Vulnerabilities and Exploitations tracking number in the year, just 473 of those were actively being exploited in ways likely to impact enterprises.
"A mere 6 per cent of those 473 vulnerabilities ever reached widespread exploitation by more than 1/100 organizations," asserted Kenna Security's report.
The report continued: "Exploit code was already available for >50 per cent of vulnerabilities by the time they published to the CVE List. Thankfully for defenders, patch releases coincide with publication for over 80 per cent of those CVEs.".
CVEs, while imperfect, are a widely accepted measure of the number and severity of vulnerabilities in the public domain.
Dan Mellinger of Kenna Security added that a large number of CVE numbering authorities have been created over the past few years, fuelling the growth in reported CVEs.