2020 was a tumultuous year for vulnerability risk management. Defenders had to contend with a growing volume of high-priority security threats, many of them in internet-facing technologies deployed to enable and secure a suddenly remote workforce. New communications from the U.S. National Security Agency made threat intelligence on state-sponsored attacks more accessible to the public, drawing increased attention from media, executive, and non-security stakeholder audiences. And December brought revelations about a supply chain compromise with wide-ranging implications for thousands of organizations worldwide.
In other words: If you felt like your hair was on fire trying to understand and address the constant stream of potential and active threats making security news headlines in 2020, you weren’t alone.
When a new potential threat emerges, information security professionals often need to translate vague descriptions and untested research artifacts into actionable intelligence for their own particular risk models. In 2020, Rapid7 researchers triaged and analyzed thousands of vulnerabilities and threats to understand root causes and share insight on exploitability, among other characteristics. We regularly publish that analysis in AttackerKB so the community can use it to inform risk management strategies and perform research of their own. Today, we’re introducing Rapid7’s Vulnerability Intelligence Report, a new annual research report that identifies trends from a year of vulnerability analysis and puts learnings in the context of an evolving security landscape.
Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highli ..