In the first six months of this year, there were over 4,000 fewer entries in the common vulnerabilities and exploits (CVE) database, a new report by Risk Based Security shows. However, the study warns that 34% of the more than 11,000 security flaws that were reported, haven’t been patched yet.
The following five vendors together account for almost one-fourth (24.1%) of all flaws: Microsoft, IBM, Oracle, SUSE and Software in the Public Interest, the organization behind Debian and related systems.The majority (53%) of flaws were remote issues and two-thirds (66%) involved input manipulation.
Read more: Cybersecurity alert: 34% of vulnerabilities found this year remain unpatched
