More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
New research by Risk Based Security (RBS) indicates that over 22,020 software security vulnerabilities were discovered in 2018. The number is not yet final, however, as not all flaws discovered in 2018 have been reported yet. The final number for last year is likely to be higher than that for 2017, when the initial RBS report mentioned 20,832 flaws and the final report counted 22,230 vulnerabilities.
About half of all vulnerabilities (47.9%) were web-related, a percentage similar to that of previous years. More than a quarter of flaws (27.5%) had to do with authentication. It is rather striking that 2 out of 3 vulnerabilities (67.7%) still stem from a lack of user input validation in software, which can allow threat actors to inject commands or malicious code into applications. Improper input filtering is a basic, avoidable software development flaw that has been causing security issues for decades.