CVE Analysis on Cavirin Platform

Cavirin provides vulnerability assessments for your operating systems (in the cloud, on-premise or hybrid) as well as for Docker images. This article shares the vulnerability trends we observed while working on a vulnerability analysis project and training our risk reporting algorithms.

The Cavirin platform uses a synchronized feed from the NIST National Vulnerability Database (NVD). This feed directly provides the severity and base score of each Common Vulnerabilities and Exposures (CVE) entry, which the platform's risk scoring algorithm uses to project the risk posture from unpatched vulnerabilities.

Disclaimer: The trend analysis below is based on all CVE data collected from the NVD from 1999 until 23-Oct-2017.

[Images: cybersecurity vulnerabilities; vulnerability management; vulnerability assessment remediation; vulnerability remediation]

Inferences

Based on the above analysis we could draw some obvious and some interesting inferences:

  • The number of vulnerabilities found and reported is increasing.
  • 88% of the reported vulnerabilities [high, med] require immediate detection and a fix.
  • A decent number of vulnerabilities have an unknown severity and could be exploited.

Thus, it is important that you have a well-defined mechanism and process for assessing and fixing vulnerabilities. Vulnerabilities affect not only your operating systems but also the applications, container images, hardware and other software/hardware equipment you use to power your infrastructure.
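A severity breakdown of the kind behind the inferences above can be computed directly from NVD feed records. The following is an added example, not Cavirin's code: it assumes the field layout of the NVD JSON 1.1 data feed, prefers the CVSS v3 rating over v2 (an assumption), and runs on constructed sample records with placeholder IDs.

```python
from collections import Counter, defaultdict

# Constructed records shaped like items of the NVD JSON 1.1 data feed
# (assumed format). The IDs are placeholders, not real CVEs.
def _item(cve_id, published, impact):
    return {"cve": {"CVE_data_meta": {"ID": cve_id}},
            "publishedDate": published, "impact": impact}

SAMPLE_ITEMS = [
    _item("CVE-0000-0001", "2016-03-01T10:00Z",
          {"baseMetricV2": {"severity": "HIGH", "cvssV2": {"baseScore": 9.3}}}),
    _item("CVE-0000-0002", "2016-07-15T10:00Z",
          {"baseMetricV2": {"severity": "MEDIUM", "cvssV2": {"baseScore": 5.0}}}),
    _item("CVE-0000-0003", "2017-02-02T10:00Z",
          {"baseMetricV3": {"cvssV3": {"baseSeverity": "CRITICAL", "baseScore": 9.8}},
           "baseMetricV2": {"severity": "HIGH", "cvssV2": {"baseScore": 10.0}}}),
    _item("CVE-0000-0004", "2017-05-20T10:00Z",
          {"baseMetricV2": {"severity": "LOW", "cvssV2": {"baseScore": 2.1}}}),
    _item("CVE-0000-0005", "2017-09-09T10:00Z", {}),  # not yet scored
]

def severity_of(item):
    """Return (severity, base_score): CVSS v3 if present, else v2, else UNKNOWN."""
    impact = item.get("impact") or {}
    v3 = (impact.get("baseMetricV3") or {}).get("cvssV3") or {}
    if v3.get("baseSeverity"):
        return v3["baseSeverity"].upper(), v3.get("baseScore")
    v2 = impact.get("baseMetricV2") or {}
    if v2.get("severity"):
        return v2["severity"].upper(), (v2.get("cvssV2") or {}).get("baseScore")
    return "UNKNOWN", None  # unscored entries must stay visible in the report

def trend(items):
    """Count CVEs per publication year and severity."""
    by_year = defaultdict(Counter)
    for item in items:
        by_year[int(item["publishedDate"][:4])][severity_of(item)[0]] += 1
    return {year: dict(counts) for year, counts in sorted(by_year.items())}

def share(items, severities):
    """Percentage of items whose severity falls in `severities`."""
    if not items:
        return 0.0
    hits = sum(1 for item in items if severity_of(item)[0] in severities)
    return round(100.0 * hits / len(items), 1)

if __name__ == "__main__":
    print(trend(SAMPLE_ITEMS))
    print("high+medium %:", share(SAMPLE_ITEMS, {"HIGH", "MEDIUM"}))
    print("unknown %:", share(SAMPLE_ITEMS, {"UNKNOWN"}))
```

Counting unscored entries as UNKNOWN rather than dropping them keeps them in the totals, so they are not silently excluded from remediation planning.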


© 2018 Cavirin Systems, Inc. All rights reserved.