The National Institute of Standards and Technology (NIST) released a graph showing the number of vulnerabilities reported in 2021, finding 18,378 this year.
The figure set a record for the fifth straight year, but 2021 was different in some ways. The number of high-severity vulnerabilities fell slightly compared to 2020, with 3,646 high-risk vulnerabilities this year compared to last year’s 4,381.
For 2021, the number of medium and low risk vulnerabilities reported — 11,767 and 2,965 respectively — exceeded those seen in 2020.
Opinions on the graph were mixed, with some confused about why there were fewer high-severity vulnerabilities and others saying the report jibed with what they saw throughout the year.
Bugcrowd CTO Casey Ellis said at the most basic level, technology itself is accelerating and vulnerabilities are inherent to software development. The more software that is produced, the more vulnerabilities will exist, Ellis explained.
When it comes to the breakdown of high, medium and low-severity vulnerabilities, Ellis said lower impact issues are easier to find and are generally reported more often, with the opposite being true of high impact issues.
“High impact issues tend to be more complicated, remediated more quickly once found, and — in the