Ryan Ware’s Post

Using Decades of Experience In Leadership & Engineering To Secure Products

I am completely blown away. I knew CVE creation was outpacing last year. What I did not quite understand was by how much! I had been estimating about 90 a day on average. Damn, was I wrong. The data below shows (thank you CVEDetails) that we are at almost 40,000 CVEs for the year. On average that is over 110 new CVEs per day! Oh, Sweet Summer Child. I would suggest I have concerns about keeping at this rate, but what we really need to be concerned with is the growth rate. Literally just 3 years ago we only had half this number of CVEs. To be clear, I’m not concerned about finding the vulnerabilities and publishing them. I’m concerned about the industry’s ability to *respond* to so many findings.

Josh Bressers

VP of Security at Anchore, Podcaster, Blogger

1d

The devil is in the details of course :) There are 3 CNAs that account for almost all the growth compared to 2023. I'm too lazy to create the graphs right now, but if you remove the Linux Kernel, and the WordPress plugin bug bounty vendors Patchstack and Wordfence, you end up almost the same as 2023 (it was slightly less last time I looked, no doubt it's changed since then). Now, that's not to diminish the work those 3 CNAs are doing, because more CVE IDs is more better I think.

How do we know it isn't just that vendors are disclosing more vulnerabilities than they used to, not that more vulnerabilities are being found?

Matthew Rosenquist

CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers

1d

Given the underlying changes to the vulnerability discovery market, I expect this rate to not only be sustained, but continue to grow. Additionally, there will be many stealthy vulnerabilities that will not be visible until it is too late (i.e. more 0-days too!)
