A third of 2018’s vulnerabilities have public exploits, 50% can be exploited remotely

From helpnetsecurity.com

2018 vulnerabilities public exploits

Over 22,000 new vulnerabilities were disclosed during 2018, according to Risk Based Security’s 2018 Year End Vulnerability QuickView Report. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row.

The report confirms that CVE / National Vulnerability Database continues to face challenges staying up-to-date with the relentless pace of new disclosures. The research team at Risk Based Security (RBS) catalogued 6,780 more vulnerabilities than CVE/NVD. This is notable as it represents nearly 31% of all the published vulnerabilities in 2018.

“Companies can’t afford to miss almost a third of vulnerabilities each year. It is time to move from a ‘good enough’ mentality and toward the paradigm of ‘Better Data Matters’ that Risk Based Security and its VulnDB research is built upon. Missing 31% is unacceptable in today’s cyber landscape, especially when tools are available to prevent it,” said Brian Martin, VP of Vulnerability Intelligence, Risk Based Security.

Read more…