Security Expert – 5th Record Year Of Security Vulnerabilities Published By US-CERT

For the fifth year in a row, the US-CERT Vulnerability Database has logged a record number of security vulnerabilities. As of today, December 8, 2021, 18,376 vulnerabilities in production code were recorded, exceeding the 2020 record of 18,351.
Interestingly, there are fewer high-severity vulnerabilities this year than last year.

Expert Comments

December 09, 2021
Pravin Madhani
Co-founder and CEO
K2 Cyber Security

While we can’t say for certain why there are more medium and low severity vulnerabilities, and fewer high severity vulnerabilities, it’s likely the lower number of high severity vulnerabilities is due to better coding practices by developers. Many organizations have adopted “shift left” in recent years, seeking to put more of an emphasis on ensuring security is a higher priority earlier on in the development process.

As to why more vulnerabilities are found in production code this year, the ongoing COVID-19 pandemic has continued to push many organizations to rush getting their applications to production, as part of their digital transformation and cloud journeys, meaning the code may have been through fewer QA cycles, and there may have been more use of third-party, legacy, and open source code, another risk factor for more vulnerabilities.

So while companies may be coding better, they’re not testing as much, or as thoroughly, hence more vulnerabilities made it to production.
