More than 10K vulnerabilities have been revealed so far this year

Share this…

A considerable amount of the vulnerabilities revealed are considered as critical flaws

cyber security organization report shows that 16.6% of the vulnerabilities reported in the year 2018 received scores in the Common Vulnerability Scoring System (CVSS) of between 9.0 and 10.0, which is a fall compared to the numbers recorded in earlier years, however, the severity of the disclosed vulnerabilities remains significant.

“An important and convincing statistic is that of the 3,279 vulnerabilities registered, 44.2% have CVSS scores between 9.0 and 10 (high to critical severity)”, says Carsten Eiram, a cyber security organization specialist in charge of the report. “While it is important to consider other criteria in addition to CVSS scores to manage and prioritize vulnerabilities, it may be very problematic for an organization not to be aware of the critical vulnerabilities that may jeopardize their assets”, the expert added.

Out of the vulnerabilities reported in 2018, 25.6% do not have a known solution yet. Because of this, the release of software patches, though still important, is only a part of the vulnerability management today. In the current environment, effective vulnerability management needs to use detailed intelligence to understand and prioritize mitigation actions to address the ever-changing threat landscape.

The report also shows that while the relations between researchers and suppliers may be difficult to manage, progress is being done in cooperation tasks. The vulnerabilities reported in a coordinated manner with suppliers are still high, with numbers close to 48.5%, an improvement over 2017.

According to cyber security organization specialists from the International Institute of Cyber Security, the task of protecting digital assets has never been so fundamental to companies, as we keep appreciating an increase in compromised organizations and data breaches. Vulnerability intelligence solutions are a cornerstone of a company’s defense strategy and they need to be kept up-to-date on cyber security issues.