After a drop during the pandemic, vulnerability disclosures are growing again, according to the latest Vulnerability Quick Look Report from Risk Based Security's VulnDB team.
The report shows 12,723 vulnerabilities disclosed during the first half of 2021, a 2.8 percent increase over the same period in 2020.
“As 2020 unfolded, we saw many factors contributing to major disruption in industries and organizations around the world,” says Brian Martin, vulnerability historian at Risk Based Security. “Those factors include the coronavirus pandemic, of course, but also the many spillover effects on supply chains, press coverage, investment decisions, and more. Since then, the vulnerability landscape has stabilized somewhat as organizations return to normal operations.”
On average, 80 new vulnerabilities were disclosed every day. Risk Based Security also updated an average of 200 existing vulnerability entries per day as new solution information, references, and additional metadata became available.
Furthermore, the report shows that 1,425 of the vulnerabilities disclosed in the first half of 2021 are remotely exploitable, have a public exploit, and have a mitigating solution. Organizations should consider making these their number one priority to fix if they pose a risk.
But while vulnerabilities increased, there were only 1,767 publicly reported breaches in the first six months of 2021, a 24 percent decrease compared to the same period last year. The decrease in breach disclosures comes primarily from locations outside of the US, including breaches originating from unknown sources. In the US, the number of reported breaches increased by a modest 1.5 percent.
“Important information that was lost during the pandemic is resurfacing,” adds Martin. “Even if organizations can feel comfortable going back to their previous processes, the fundamental problem remains: There are too many vulnerabilities for many organizations to realistically handle unless they take a truly risk-based patching approach.”
The full report is available on the Risk Based Security site.