While the infosec industry is used to reading (and pumping out) FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 – despite 18,000 new CVEs being created.
Kenna Security, a US infosec firm, reckons that despite thousands of vulnerabilities being assigned a Common Vulnerabilities and Exploitations (CVE) tracking number in the year, just 473 of those were actively being exploited in ways likely to impact enterprises.
That represents just 2.6 per cent of vulns reported during the year, shedding new light on the scale of the threat to internet-connected businesses.
Kenna's co-founder and CTO, Ed Bellis, told The Register that the analysis his firm carried out focused on those CVEs with the potential to affect its customers. Even that 473 figure can be reduced further, he said. While the company did not filter down the 18,000 CVEs figure, for example, to look at only the ones af ..
Support the originator by clicking the read the rest link below.
