NVD: It’s Another Record Year for Vulnerabilities
The US-CERT has recorded more vulnerabilities so far in 2021 than in any previous year, the fifth year in a row this has happened.
At the time of writing, 18,376 vulnerabilities in production code were recorded in the US National Vulnerability Database (NVD), exceeding the 2020 record of 18,351.
However, there were fewer high-severity bugs in the NVD than last year. In 2020 the figure reached an all-time high of 4381, falling to 3630 so far in 2021.
Pravin Madhani, CEO of K2 Cyber Security, argued that this could be due to improved coding practices and the growing popularity of DevSecOps. However, while organizations are coding better, they’re not testing as thoroughly as they should, allowing bugs to slip through into production, he added.
“The ongoing COVID-19 pandemic has continued to push many organizations to rush getting their applications to production, as part of their digital transformation and cloud journeys,” Madhani said.
“This means the code may have been through fewer QA cycles, and there may have been more use of third-party, legacy, and open source code, another risk factor for more vulnerabilities.”
Casey Ellis, CTO at Bugcrowd, argued that the record number of software