July 9, 2020

Volume X, Number 191

One-Third of Security Vulnerabilities Remain Unpatched

Although the number of security vulnerabilities reported in the first half of 2019 has reportedly dropped a bit from last year, a new report by Risk Based Security states that 34 percent of the 11,092 vulnerabilities identified have not been patched to date.

The key findings of the report include the following:

  • Web-related vulnerabilities accounted for 54.5 percent of those vulnerabilities.
  • 34 percent have public exploits.
  • 34 percent do not have a documented solution.
  • 53 percent can be exploited remotely.
  • 8 percent were classified as SCADA vulnerabilities.
  • 5 percent were classified as impacting security software.
  • 7 percent received CVSSv2 scores of 9.0+.
  • Five major vendors accounted for 24.1 percent of 2019 vulnerabilities so far.

The report also notes that remote vulnerabilities, those exploited over a network by an attacker who did not previously have access to a system, account for the highest vulnerability experienced by companies in the first half of 2019. This is done through an SQL injection attack, and according to Risk Based Security, the way to combat it is through sanitizing input. Another recommendation in the report is to use a vulnerability scanning tool that can look at the entire network and all devices connected to it, since many organizations are unaware of all of the devices connected to the network. If a company is scanning and patching, more than one half of the reported vulnerabilities in the first half of this year could have been resolved.

Copyright © 2020 Robinson & Cole LLP. All rights reserved. National Law Review, Volume IX, Number 241


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...