RICHMOND, Va. (PRWEB) February 18, 2020
Risk Based Security today released its 2019 Year End Vulnerability QuickView Report, which covers the trends occurring within the computer vulnerability disclosure landscape. Risk Based Security’s VulnDB team aggregated 22,316 newly disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSSv2 score of 7.0 and above.
Risk Based Security also identified a total of 302 vulnerabilities impacting Electronic Voting Machines (EVMs), 289 of which have no known solution.
“As with any device that relies on code, there are vulnerabilities that can affect the system’s integrity and you don’t want anyone tampering with them. Only 13 EVM vulnerabilities have a known solution. To make matters worse, of those, only one has a CVE ID assigned and can be found cataloged in the U.S. National Vulnerability Database,” commented Brian Martin, Vice President of Vulnerability Intelligence at Risk Based Security. “EVMs with vulnerabilities have been used in past elections, and will no doubt be used again in our next elections. It doesn’t matter what politics or beliefs you subscribe to; the essence of democracy is a free, fair and secure election that captures the will of the people. The lack of visibility on this issue should be of deep concern to every American.”
The full research is highlighted in the just-released 2019 Year End Vulnerability QuickView Report. Additional key findings address the increasing number of vulnerability disclosures being released on the same day due to “Patch Tuesday”. With 2019 reaching an all-time high of 327 vulnerabilities being disclosed in a single day, Risk Based Security maintains that the practice, despite its initial good intentions, is turning into a “nightmare” for many organizations.
“Patch Tuesday was created by Microsoft and it rolled out patches in a more scheduled and consistent manner. However, as the years have passed, more and more vendors are not only co-opting the concept of Patch Tuesday, but the day itself,” Mr. Martin concludes. “What started with Microsoft has turned into a storm of vendor disclosures from major vendors like Adobe, SAP, Siemens, and Schneider Electric. More companies are starting to release on Patch Tuesday as well as at other times. Those vendors include Google, Apple, Mozilla, Intel, Cisco, F5, and Juniper. All of those potential releases are in addition to the typical disclosures seen on any “average” day.”
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB has published integrations with over a dozen security platforms, including JFrog, Splunk, ServiceNow, Brinqa, Recorded Future and RSA Archer. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple-to-understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk profile and cost of ownership.