The National Institute of Standards and Technology (NIST) has released a chart showing the number of vulnerabilities reported in 2021: 18,378 were found that year. This number represents a record for the fifth year in a row. But there is also a positive development.
The number of high-severity vulnerabilities has decreased slightly compared to 2020: 3,646 high-risk vulnerabilities in 2021 compared to 4,381 in 2020. However, the number of reported medium- and low-risk vulnerabilities increased, to 11,767 and 2,965, respectively.
The reactions of security experts to the statistics were mixed. Casey Ellis, CTO of Bugcrowd, sees a direct correlation between new software development and the number of vulnerabilities in software. The more software is produced, the more vulnerabilities there are.
Pravin Madhani, CEO of K2 Cyber Security, said the lower number of high-severity vulnerabilities could be due to better programming practices by developers. He suspects that many companies have relocated in recent years and are trying to prioritize security earlier in the development process.
Other cybersecurity experts, like Bud Broomhead, CEO of Viakoo, called the report alarming. It shows how many exploitable vulnerabilities are still “in the wild” and available to threat actors. The record number of new vulnerabilities, combined with the slow pace of patching and updating devices to fix them, means that companies are at greater risk than ever, especially from unpatched IoT devices.