75% of Vulns Shared Online Before NVD Publication
Research shows more than 75% of vulnerabilities are reported on the dark web, security sites and sources before publication to the National Vulnerability Database.
More than 75% of vulnerabilities are publicly disclosed online before their official publication on the NIST's centralized National Vulnerability Database (NVD), reports Recorded Future.
The threat intelligence firm conducted research on more than 12,500 disclosed Common Vulnerabilities and Exposures (CVEs) from early 2016. It discovered a median time lag of seven days before vulnerabilities were shared to the NVD. Vulnerabilities are first posted to easily accessible sites like blogs, news sites, and social media pages, as well as remote parts of the Internet like the dark web and criminal forums.
More than 1,500 information security sources, from blogs to adversary sources, reported on vulnerabilities before their official release. Five percent of flaws are discussed on the dark web prior to NVD publication, and are more severe than anticipated.
This seven-day time gap between unofficial and official publication leaves businesses exposed to potential exploits. Adversaries are monitoring and acting on vulnerability information before CISOs and security teams have time to act on them.
Read more details here.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024