Security Expert Re: US-CERT Notes Record Number Of Vulnerabilities For 4th Year In A Row

Today the US-CERT Vulnerability Database recorded 17,447 vulnerabilities, which is a new high and makes 2020 the fourth year in a row that a record number of vulnerabilities has been published. There were 17,306 vulnerabilities recorded in 2019.

Experts Comments

December 17, 2020
Pravin Madhani
Co-founder and CEO
K2 Cyber Security
The US-CERT Vulnerability Database keeps track of new vulnerabilities in production code as they are discovered and assigns each unique vulnerability with a “CVE” number. For the last three years, 2017 through 2019, there has been a record number of vulnerabilities recorded in the vulnerability database. On December 15, 2020, we just hit another milestone with the number of vulnerabilities recorded (so far in 2020) exceeding the total count in 2019, marking a fourth record year of vulnerabilities discovered in production code.

Why is this happening? Despite the emergence of DevSecOps and shift left approaches, the number of vulnerabilities in released code continues to rise. Companies still struggle to find the balance between getting applications to market quickly and securing their code. The COVID-19 pandemic is a major factor this year. It's pushed many organizations to rush getting their applications to production; they run fewer QA cycles, and use more 3rd party, legacy, and open-source code, which is a key risk factor for increased vulnerabilities.

There are a number of measures an organization can take to improve its web application security stance. To start, make sure developers take security into consideration when developing and coding applications. Second, make sure that software and operating systems are kept up to date, with the latest updates and patches to ensure known vulnerabilities that have patches are not exploited. Finally, it’s important to have a security framework that offers a defense-in-depth architecture. It’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.
