Davey Winder

delivering award-winning technology journalism since 1991

Enterprises being blindsided by unreported vulnerabilities risk

Posted on August 17, 2018 by Davey Winder

Of 10,644 vulnerabilities reported in the first half of 2018, 30 percent didn’t appear in the official CVE or NVD systems

“It is highly problematic if an organisation is not aware of higher severity vulnerabilities that pose a risk to their assets,” said Carsten Eiram, chief research officer for Risk Based Security. Of those 10,644 reported vulnerabilities, Eiram confirms that a quarter (25.6 percent) currently have no solution. Meanwhile, researchers at NCC Group analysed nine years of its discovered vulnerabilities and found that only 2.4 percent resulted in a CVE number. Of the paltry 289 classed as closed, the critical-risk vulnerabilities took an average of 77 days to resolve, a figure that exceeds the industry-accepted 30-day notice period at any risk level. Matt Lewis, research director at NCC Group, says “improving our industry’s ability to detect vulnerabilities before they become an issue is less of an achievement without an established process in place for their remediation and disclosure.”
