The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month.
Sharp CVE increase heightens software vulnerability concerns.
Vulnerabilities are primarily tracked as CVEs, although some may have an incorrect or nonexistent CVE identifier.
“New vulnerabilities are published at a rapid rate and growing. With an influx of new vulnerabilities, often sprouting via disparate flagging systems, the cyber risk ecosystem is hard to track. Most organizations are experiencing alert fatigue and confusion about what to patch first to limit their overall exposure and risk,” commented Coalition’s Head of Research, Tiago Henriques.
Zero-day vulnerabilities have received significant attention over the last year, but the Citrix Bleed vulnerability reminds us that many threat actors still build exploits for vulnerabilities where the vendor has already issued a patch.
The delay in CVE scoring often means that defenders face two uphill battles regarding vulnerability management.
