Experts Predict Record 20,000 CVEs for 2020:
This year could see a record breaking 20,000 vulnerabilities reported, with major increases in mobile bugs already in 2020, according to Skybox Security.
The security vendor's midyear update to its 2020 Vulnerability and Threat Trends Report contains some concerning findings for organizations as they struggle to manage cyber-risk at a time of mass remote working.
With 9,000 vulnerabilities reported in the first half of the year, the firm predicts the final total for 2020 could top twice that figure. The figure for new CVEs in 2019 was 17,304. Without risk-based, automated patch management, organizations struggle to mitigate these issues, leaving them exposed to attacks.
Part of this increase is due to a surge in Android OS flaws: these increased 50% year-on-year, according to Skybox.
(Score: 1, Insightful) by Anonymous Coward on Wednesday July 22 2020, @06:10AM (1 child)
Testing only verifies how bug-free your code actually is. Bug-free code without tests is still bug-free code (though it'd be harder to realize the code is bug-free). Testing only aids in writing better code if you analyze why the bug occurred and how you can prevent that type of bug from being written in the future. If you simply squash each bug it uncovers without investigating, then the quality of code you write in the future only improves at a snail's pace at best.
We're not exactly agreeing with each other but we're not disagreeing either. I agree with everything you said after your first sentence but I see the 1st as more of a validation step rather than a requirement.
(Score: 0) by Anonymous Coward on Wednesday July 22 2020, @08:45AM
No, we completely agree. I was just pointing out that you can write bug free code if you do it right the first time, but that doesn't really mean anything if you don't know it. The problem I was trying to point out is that lots of people substitute improper values for "knowing it" and proper design/understanding.
However, I'm far too pragmatic in my understanding of people. You can tell me that you have accounted for the entire input space and every possible graph traversal because you were super careful, but without proof I don't really care. People make mistakes all the time, and it is much harder to spot your own than another's. But you are right to point out that a lot of today's work is "squash the bug and move on" instead of understanding the "why" of the problem, which may go much deeper.