Security Expert – 5th Record Year Of Security Vulnerabilities Published By US-CERT

For the fifth year in a row, the US-CERT Vulnerability Database has set a new record for the number of security vulnerabilities recorded. As of today, December 8, 2021, 18,376 vulnerabilities in production code were recorded, exceeding the 2020 record of 18,351.
Interestingly, there are fewer high-severity vulnerabilities this year than last year.

Pravin Madhani, Co-founder and CEO
InfoSec Expert
December 9, 2021 8:46 am

While we can’t say for certain why there are more medium and low severity vulnerabilities, and fewer high severity vulnerabilities, it’s likely the lower numbers of high severity vulnerabilities are due to better coding practices by developers. Many organizations have adopted “shift left” in recent years, seeking to put more of an emphasis on ensuring security is a higher priority earlier on in the development process.
As to why more vulnerabilities are found in production code this year, the ongoing COVID-19 pandemic has continued to push many organizations to rush getting their applications to production, as part of their digital transformation and cloud journeys, meaning the code may have been through fewer QA cycles, and there may have been more use of third-party, legacy, and open source code, another risk factor for more vulnerabilities.
So while companies may be coding better, they’re not testing as much, or as thoroughly, hence more vulnerabilities made it to production.
