75% of Vulns Shared Online Before NVD Publication75% of Vulns Shared Online Before NVD Publication
Research shows more than 75% of vulnerabilities are reported on the dark web, security sites and sources before publication to the National Vulnerability Database.
June 7, 2017
More than 75% of vulnerabilities are publicly disclosed online before their official publication on the NIST's centralized National Vulnerability Database (NVD), reports Recorded Future.
The threat intelligence firm conducted research on more than 12,500 disclosed Common Vulnerabilities and Exposures (CVEs) from early 2016. It discovered a median time lag of seven days before vulnerabilities were shared to the NVD. Vulnerabilities are first posted to easily accessible sites like blogs, news sites, and social media pages, as well as remote parts of the Internet like the dark web and criminal forums.
More than 1,500 information security sources, from blogs to adversary sources, reported on vulnerabilities before their official release. Five percent of flaws are discussed on the dark web prior to NVD publication, and are more severe than anticipated.
This seven-day time gap between unofficial and official publication leaves businesses exposed to potential exploits. Adversaries are monitoring and acting on vulnerability information before CISOs and security teams have time to act on them.
Read more details here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023