Given the ballooning attack surface, it’s no surprise the number of vulnerabilities is rising. In fact, the tally is downright daunting. From 2016 to 2018, new published vulnerabilities surged from 9,8372 to 16,500 per year.3 On average, this means enterprises find 870 vulnerabilities per day across 960 IT assets.4 Adding to the challenge, vulnerability severity appears to be increasing. Due to changes made in the industry standard Common Vulnerability Scoring System (CVSS), the majority of vulnerabilities are now categorized as high or critical. According to CVSSv3 ratings, 60% of vulnerabilities are considered high or critical compared to 31% in CVSSv2 (see Figure 1).5
eBook: Risk-Based Vulnerability Management: The Best Way to Prioritize
