Today the US-CERT Vulnerability Database recorded 17,447 vulnerabilities, which is a new high and makes 2020 the fourth year in a row that a record number of vulnerabilities has been published. There were 17,306 vulnerabilities recorded in 2019.
It’s important to have a security framework that offers a defense-in-depth architecture.
The US-CERT Vulnerability Database keeps track of new vulnerabilities in production code as they are discovered and assigns each unique vulnerability a “CVE” number. For the last three years, 2017 through 2019, there has been a record number of vulnerabilities recorded in the vulnerability database.
Despite the emergence of DevSecOps and shift-left approaches, the number of vulnerabilities in released code continues to rise. Companies still struggle to find the balance between getting applications to market quickly and securing their code.
The pandemic is a major factor this year. It has pushed many organizations to rush their applications into production; they run fewer QA cycles and use more third-party, legacy, and open-source code, which is a key risk factor for increased vulnerabilities.
There are a number of measures an organization can take to improve its web application security stance.
–> Make sure developers take security into consideration when developing and coding applications.
–> Make sure that software and operating systems are kept up to date with the latest updates and patches, so that known vulnerabilities that have patches are not exploited.
It’s vital to have a security framework that offers a defense-in-depth architecture. It’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.