Enterprises identify 870 unique vulnerabilities on their systems every day, on average. Of those, more than 100 are rated as critical on the common vulnerability scoring system (CVSS) according to a new report.
The Vulnerability Intelligence Report from cyber risk company Tenable is based on analysis of anonymized data from 900,000 vulnerability assessments across 2,100 enterprises.
It estimates that the industry is on track to disclose up to 19,000 new vulnerabilities in 2018, an increase of 27 percent over 2017. Yet in 2017, public exploits were available for only seven percent of all vulnerabilities, meaning that 93 percent of all vulnerabilities posed only theoretical risk. For most a working exploit is never developed and of those, an even smaller subset is actively weaponized by threat actors, making it difficult to know which vulnerabilities to remediate first, if at all.