Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.
This is the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.
“Despite the vulnerability disclosure landscape shaking off the pandemic, there has been no celebratory fanfare,” says Brian Martin, vice president of vulnerability intelligence at Risk Based Security. “Now, it’s back to business-as-usual and that means vulnerability disclosure counts will likely fall back into the pattern of increasing each year. As such, organizations that still adopt the mindset of ‘patch everything’ will continue to struggle.”
The report highlights the volatility caused by routine ‘Patch Tuesday’ events, which often see the release of up to 300 vulnerabilities on a single day. In addition, many 2021 vulnerabilities needed to be revisited and updated as new solution information, references, and additional metadata became available.
“Updating previous records is vital because if a vulnerability is disclosed and isn’t coordinated with the vendor, it can be days, months or even years before a solution is made available,” adds Martin. “While your organization may have introduced mitigating controls, it is still extremely important to install the patch or upgrade when it becomes available. If vulnerability entries are not updated with subsequently available remediation information, then your organization is missing out on crucial data needed to truly mitigate vulnerability-related risk.”
You can find out more and get the full report from the RBS site.