Quick Hits

Vulnerabilities Continue Around 2019 Pace

After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.

A new report says that 2020's vulnerabilities should match or exceed the number of vulnerabilities seen in 2019. According to the report from the VulnDB team at Risk Based Security, the 17,129 vulnerabilities reported through the end of the third quarter are 4.6% below the number at the same time last year, but the rate of vulnerability discovery gives the team confidence in its prediction.

In the report, the team notes that the difference in vulnerability numbers between 2019 and 2020 at the end of the first quarter was 19.2%. Since then, the gap has narrowed considerably, and the trajectory indicates that the 2019 overall number of vulnerabilities is likely to be exceeded in 2020.

In particular, the report notes that regular Patch Tuesday vulnerability numbers are approaching those expected on "Fujiwhara Tuesdays" (named for a meteorological event when two cyclones meet and combine), when two major vendors like Microsoft and Cisco release patches on the same day. These events can overwhelm security teams, leading to remediation cycles that stretch on for weeks.

For more, read here.