Vulnerability reporting is returning to normal

Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals.



Out of 11,121 vulnerabilities aggregated during the first half of 2020, 818 were the result of the Vulnerability Fujiwhara Effect, a term that describes the events when Microsoft and Oracle vulnerability disclosure schedules collide.


“Risk Based Security sounded the alarm back in January. We knew that these events would undoubtedly become a significant strain for IT staff and Vulnerability Managers,” commented Brian Martin, Vice President of Vulnerability Intelligence at Risk Based Security.


“Compared to other Patch Tuesdays this year, the highest reported ‘only’ 273 new vulnerabilities. However, during April’s Fujiwhara event we saw 506 new vulnerabilities reported, 79% of which came from seven vendors.


“Unfortunately for all of us, this is likely something we can expect to occur more frequently in the future. The sheer volume makes one wonder who actually benefits from this all-at-once disclosure of vulnerabilities. Certainly not the paying customers.”


Vendors and products with the highest vulnerability counts


The report goes further into the details of the disclosure landscape by listing and breaking down the vendors and products with the highest vulnerability counts. Most notable is Microsoft, which has seen a 150% increase in the number of vulnerabilities disclosed during the first six months of 2020 compared to the entirety of 2019. Windows 10 was the product with the most disclosed vulnerabilities by the end of Q2.


A growing concern is that, despite the high number of Microsoft vulnerabilities and the Vulnerability Fujiwhara, 29.3% of all vulnerabilities disclosed during the first half of 2020 do not have a CVE ID, with 3.3% being ..
