Analysis of the NIST National Vulnerability Database shows that security teams were under siege in 2020 and into the first part of 2021 defending against an unprecedented number of flaws. Today's columnist, Ed Bellis of Kenna Security, cautions that CVSS scores don't always tell the full story. shioshvili is licensed under CC BY-SA 2.0
A growing number of companies are adopting risk-based vulnerability management programs to handle the endless wave of new vulnerabilities being disclosed every day, more than 2,800 in the first three months of 2021. Yet, too often these programs make one critical error: they focus too much time on a risk score, and not enough time on the system itself.
Polymer Solutions closes $1MM Seed Round to secure SaaS platforms
So says Kenna Security in a refreshing piece of counter-FUD analysis
Gareth Corfield Thu 18 Feb 2021 // 18:00 UTC
While the infosec industry is used to reading (and pumping out) FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 – despite 18,000 new CVEs being created.
Kenna Security, a US infosec firm, reckons that despite thousands of vulnerabilities being assigned a Common Vulnerabilities and Exploitations (CVE) tracking number in the year, just 473 of those were actively being exploited in ways likely to impact enterprises.
That represents just 2.6 per cent of vulns reported during the year, shedding new light on the scale of the threat to internet-connected businesses.