On pace to break 20k mark for disclosed vulnerabilities

Nov. 19, 2018

Risk Based Security announced the public release of its 2018 Q3 VulnDB QuickView report, which shows that 16,172 vulnerabilities have been disclosed through October 29th. This is a 7% decrease from the record high reported at this time last year. The 16,172 vulnerabilities cataloged through Q3 2018 by Risk Based Security’s research team eclipsed the total covered by CVE and the National Vulnerability Database (NVD) by over 4,800. It’s also worth noting that NVD is still significantly behind in vulnerability scoring and creating the automation component.

Key findings for Q3 2018:

  • There were 16,172 vulnerabilities published by Risk Based Security’s VulnDB team through the end of Q3 2018.
  • The period up to the end of Q3 2018 showed a 7% decrease over the same period in 2017, which set the all-time high record for number of vulnerabilities.
  • Risk Based Security’s VulnDB published 4,823 more vulnerabilities than CVE/NVD through the end of Q3 2018.
  • CVSSv2 scores of 7.0+ accounted for 34.9% of all 2018’s published vulnerabilities through Q3.
  • Through Q3, 46% of the vulnerabilities not published by NVD/CVE have a CVSSv2 score between 7.0 and 10.
  • Coordinated disclosure accounted for 48.3% of 2018 vulnerabilities through Q3. 8.7% of coordinated disclosures were through bug bounty programs.
  • Web-related vulnerabilities accounted for 46.0% of 2018 vulnerabilities so far this year.
  • Of the vulnerabilities published through the end of Q3 2018, 31.2% have public exploits. 48.4% of 2018 vulnerabilities can be exploited remotely.
  • 1% of vulnerabilities published through Q3 2018 have a documented solution.
  • 6% of the vulnerabilities published up to the end of Q3 were classified as SCADA vulnerabilities.
  • 4% of 2018 vulnerabilities through Q3 were classified as impacting security software.

Risk Based Security has more information
