Research shows more than 75% of vulnerabilities are reported on the dark web, security sites and sources before publication to the National Vulnerability Database.

Dark Reading Staff, Dark Reading

June 7, 2017

1 Min Read

More than 75% of vulnerabilities are publicly disclosed online before their official publication on the NIST's centralized National Vulnerability Database (NVD), reports Recorded Future.

The threat intelligence firm conducted research on more than 12,500 disclosed Common Vulnerabilities and Exposures (CVEs) from early 2016. It discovered a median time lag of seven days before vulnerabilities were shared to the NVD. Vulnerabilities are first posted to easily accessible sites like blogs, news sites, and social media pages, as well as remote parts of the Internet like the dark web and criminal forums.

More than 1,500 information security sources, from blogs to adversary sources, reported on vulnerabilities before their official release. Five percent of flaws are discussed on the dark web prior to NVD publication, and are more severe than anticipated.

This seven-day time gap between unofficial and official publication leaves businesses exposed to potential exploits. Adversaries are monitoring and acting on vulnerability information before CISOs and security teams have time to act on them.

Read more details here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights