- Vulnerability reporting spotlights a decrease in the first half of 2020, followed by clear signs of a return to the regular levels.
- Windows 10 proves to be the product with the most disclosed vulnerabilities by the end of Q2.
- Our Windows 10 Troubleshooting section includes helpful guides you may use in that regard.
- To enjoy permanent access to the latest news from the tech world, just bookmark our News Hub.
Vulnerability reporting, seriously impacted by COVID-19, decreased in the first half of 2020 by 8.2 percent compared to the same period of the previous year.
In spite of that, the Q2 Risk Based Security vulnerability report indicates clear signs of a return to the regular levels.
Considering the latest numbers, as the year progresses, the total is likely to exceed that of last year’s.
Microsoft registers a 150 percent increase in the number of vulnerabilities
The latest report goes further into the details and mentions a few notable vendors and products with major vulnerability counts.
A name that easily stands out is Microsoft. Is spite of being security conscious, it registers a 150 percent increase in the total number of vulnerabilities disclosed between January 1, 2020, and June 30, 2020, as compared to the first six months of 2019.
A high degree of concern is given by the fact that no less than 30% of all vulnerabilities disclosed during the first half of 2020 do not have CVE ID. More specifically, 3% of them are still in the RESERVED status.
This means that no information for those vulnerabilities is available within the CVE/NVD database at the moment:
Given the sheer amount of vulnerabilities disclosed, organizations relying on CVE/NVD will struggle to find timely and actionable intelligence. The bare minimum metadata found within NVD is not enough for organizations to properly prioritize and remediate.
Organizations are increasing their own risk by relying on CVE to provide complete and timely data. The current level of vulnerability disclosures organizations face on a daily basis are more than CVE can handle, and it will only get worse.
Brian Martin, Vice President of Vulnerability Intelligence, RBS
Speaking of vulnerabilities, this trend was also observed by us during the Patch Tuesdays of 2020. That’s how our current year looks so far:
- February: 99 CVEs
- March: 115 CVEs
- April: 118 CVEs
- May: 147 CVEs
- June: 139 CVEs
- July: 136 CVEs
- August: 146 CVEs
Are you worried about the increasing number of 2020 vulnerability reports? Let us know in the comments section below.