"Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization"

In the first half of the year, the number of vulnerabilities disclosed surpassed 11,800, forcing businesses to assess the impact of an average of 90 security issues per weekday. The figures come from the cybersecurity firm Flashpoint's "The State of Vulnerability Intelligence — 2022 Midyear Edition" report, which notes that the massive number of vulnerabilities reported in the first half of the year highlights the challenges that businesses face when attempting to triage software security issues and determine which software updates to prioritize.

According to Brian Martin, vice president of vulnerability intelligence at Flashpoint, organizations attempting to sort through security issues struggle to separate those that are highly critical from minor vulnerabilities and those that may not affect their environment at all. The focus on zero-day vulnerabilities, those labeled as "discovered in the wild" by researchers before a patch is available, clouds the issue. It is difficult to collect information on zero-day flaws. Google's Project Zero documented 20 such flaws exploited in the wild in the first half of 2022, while Flashpoint discovered at least 17 more. However, the most common attacks typically make use of known vulnerabilities.

The number of vulnerabilities disclosed to vendors remains high. The National Vulnerability Database (NVD) also recorded over 11,000 flaws with Common Vulnerabilities and Exposures (CVE) identifiers in the first six months of the year. However, a portion of those are not true reported vulnerabilities but rather vendors reserving CVE identifiers for future, or yet-to-be-disclosed, vulnerabilities. According to Flashpoint, its database contains information on 27 percent more vulnerabilities than the NVD.

This article continues to discuss security teams being overwhelmed with vulnerabilities and findings regarding patch prioritization challenges.

Dark Reading reports "Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization"
