A recently released report from Risk Based Security found that 2016 once again set an all-time high for disclosed software vulnerabilities, with more than 15,000 in total last year. Every recent year has set a new record, which adds up to an increase of more than 85% since 2011.
Other key findings from the report include:
- 41 new vulnerabilities discovered each day of the year
- Software vendors need to be made more accountable for the state of security within their offerings
- Vendors need not only to respond to vulnerabilities quickly, but to focus on avoiding these issues when writing their source code in the first place.
This is consistent with everything Dyn has been seeing over the last few years, with DDoS attacks specifically. Every day, attackers are finding new ways to exploit more devices, more things, to launch attacks against sites, companies, and countries.
There is one piece of good news from the report. Risk Based Security says that one thing the industry is getting right is disclosure. While in recent years the ratio of coordinated to uncoordinated disclosures has been as low as 50-50, in 2016 it rose to 6735 vulnerabilities reported through coordinated disclosure versus 2195 uncoordinated. Security researchers and vendors are working together to improve reporting procedures and address security issues faster and more proactively.