Nearly 8,000 Security Flaws Did Not Receive a CVE ID in 2018

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
VulnDBvsCVEID.png


A record-breaking number of 20,832 vulnerabilities have been discovered in 2017 but only 12,932 of these received an official CVE identifier last year, a Risk Based Security (RBS) report reveals.

This means that 7,900 security bugs remained without a CVE-2017-XXXXX number, and were left off the databases of many security scanners because of it.

Furthermore, this also means that many security bugs remained buried on forums and personal blogs —places where attackers might have the time to scout, but where many IT security departments will never look.

This isn't the first time that MITRE’s Common Vulnerability Enumeration (CVE) and the DHS' National Vulnerability Database (NVD) have fallen short of identifying and categorizing all security flaws during a year, something that's becoming of a habit for the two organizations this past decade.

The reasons are plenty, but one of them is the explosion of security bugs in IoT devices, which has made it harder for Mitre and NVD staffs to keep up with all the bugs.

Furthermore, almost 7,000 2917 vulnerabilities received a RESERVED CVE status, with no public details available, despite 1,342 of them having a public disclosure. "This seems to indicate that MITRE is more focused on assigning and increasing the number of IDs, and not ensuring the quality of data," RBS experts concluded.
...................
...................
...................
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top