"Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs"
According to security researchers at Cisco Threat Detection and Response, the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 has increased compared to the previous year. The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022. This is an average of nearly 80 new CVEs per day. The number of published CVEs has been steadily increasing since 2017. Regarding severity, the researchers noted that the average CVSS score of the 2023 CVEs was 7.12, with 36 vulnerabilities being assigned a score of 10. According to data from the CVE Program, which is maintained by MITRE and sponsored by the US government, the number of new CNAs announced in 2023 increased to 84 from 56 in 2022. Currently, there are nearly 350 CNAs from 38 countries. CNAs are vendors, cybersecurity companies, and other organizations that are allowed to assign CVE identifiers to vulnerabilities found in their own products and/or the products of others.
SecurityWeek reports: "Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs"