Vulners report: comparing vulnerability world 2016 to 2017
0 likes490 views
The document compares vulnerability trends between 2016 and 2017, finding that while the total number of reported vulnerabilities increased by around 16,000, financial vulnerabilities rose 24% and enterprise vulnerabilities increased 11%. The number of public exploits grew 75% but the total number of public exploits decreased 30% as more became private. Overall, the analysis found that threats increased by double digits annually and that containing the growing flood of vulnerabilities and exploits is challenging.
Vulners report: comparing vulnerability world 2016 to 2017
- 1. Vulnerability trends report comparing 2016 to 2017 Kir Ermakov
- 2. 2 #:whoami - vulners.com founder - QIWI Group CTO - Web penetration tester - Member of “hall-of-fames” (Yandex, Mail.ru, Apple and so on)
- 3. 3 Vulners Database - Google-style search engine - 773.000+ security advisories, exploits and CVE’s - 100+ sources of content - Security awareness subscriptions - Linux audit API
- 4. 4 Creepy 2017 - WannaCry - NotPetya - Multiple Struts2 RCE - BadRabbit
- 6. 6 And what about…you?! - You are the lucky dude - Your security is not better - Probably even worth - You still didn’t applied 2FA? - Tell me more about PCI DSS - Internet is a new wild west
- 7. 7
- 8. 8 Let there be graphs and math - We analyzed 2016 to 2017 transition statistics - Activity of over 16,800,000 security fellows - Correlations in 7 categories - To tell you the truth: is it really so scary?
- 9. 9 Vulnerabilities at all - 6000 vs 16000-a-year - Researchers did a good job - What happened in May?
- 10. 10 Financial and enterprise - 24% increase for financial - 11% increase for enterprise - ”Double digit” is good for business. And for you?
- 11. 11 Web exploits - 75% increase - Public exploits only - Same story with private ones?
- 12. 12 Public exploits total - 30% decrease - More exploits becomes private - Or researchers are lazy?
- 13. 13 So what? - Number of threats is increasing ”double digit” - More exploits becomes private - No chance to hold the flood by the hands - Yes, it is scary
- 14. 14 Thanks - isox@vulners.com - Analyze with us - We are really trying to make this world better - Stop paying for features that are available for free