Rising exploitation in enterprise software: Key trends for CISOs
2024-06-19 03:00

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories.

"With the NVD's delay in associating Common Vulnerabilities and Exposures identifiers with CPE data, our report comes at a critical moment, providing much-needed insights into the evolving vulnerability landscape for enterprise software," said Mike Walters, President of Action1.

"Our goal is to arm key decision makers with essential knowledge so that they can prioritize their efforts in vulnerability monitoring using alternative approaches while the traditional reliance on NVDs is challenged. In light of the NVD crisis, the cybersecurity community needs to share information and build stronger relationships amongst private cybersecurity firms, academic institutions, and other threat intelligence platforms to facilitate holistic and timely data sharing so that all organizations can enhance their security posture," added Walters.

Although macOS reduced its total vulnerability count by 29% from 2023 to 2022, exploited vulnerabilities increased by over 30%. These findings underscore the targeted nature of attacks on iOS devices.

While Chrome has the highest number of total vulnerabilities over the three-year period analyzed, Edge's record number of 14 RCE vulnerabilities over the same timeframe, which continues to grow, is an alarming insight.

The Software Vulnerability Ratings Report 2024 analyzed 2021, 2022, and 2023 data and drew insights from the NVD and cvedetails.com.


News URL

https://www.helpnetsecurity.com/2024/06/19/exploitation-enterprise-software/