Vulnerability Disclosures Drop in Q1 for First Time in a Decade

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.

The number of vulnerabilities reported publicly dropped in the first quarter of 2020 for the first time in at least a decade, falling nearly 20% to 4,968 compared with the same quarter last year, according to an analysis published on Thursday by Risk Based Security.


While the drop occurred in the same quarter that the coronavirus pandemic caused many companies to start moving employees to remote work, there is no clear connection or mechanism for why there would be fewer vulnerabilities, says Brian Martin, vice president of intelligence for Risk Based Security.


"Everything that is an outlier for us is due to COVID-19," he says. "But based on that, I could give you reasons why the numbers should be higher or should be lower because you can argue either way based on theories of COVID-19's impact."


The report is a snapshot in time of where the annual vulnerability count stands. While the overall count for the quarter may decline, one major finding is that some software companies' strategy of releasing vulnerabilities on the second Tuesday of the month — so-called Patch Tuesday — is starting to overburden IT security teams, Martin says.


"We do notice that Patch Tuesdays are getting worse and worse," he says. "Administrators and security teams are going to experience more of a problem on these Tuesdays because they have to triage more and more vulnerabilities."


The counting of publicly disclosed vulnerabilities varies among the organizations that track software flaw ..
