Let’s Talk CVE Hyperinflation at VMware’s Security Connect 2021
If you’ve been following Kenna’s blogs you’ll know I’ve been tracking the publication of CVEs and sharing some key insights, including a recap of everything published in Q1 2021 (check out the podcast where I talk through it). We’ve seen some impressive figures. In Q1 of this year, more than 2,700 CVEs were published. That’s a 380% increase from 2011, when only 716 CVEs were published in the first quarter. And I expect that we’ll reach more than 17,000 CVEs by the end of the year (we’re currently at 5,129).
By most measures, CVEs have reached “hyperinflation” status. Yes, we most often use that term when referring to economics. (Our feature image shows Hungary’s 100 quintillion pengo note, the largest currency note ever circulated.) But hyperinflation is really the most appropriate description for what we’re looking at with CVEs: an extreme rise in a relatively short period of time. And if we look at instances of economic hyperinflation throughout history, we’ll see it’s a genie that’s pretty difficult to put back in the bottle. The same can be said for CVE hyperinflation.
Does this matter? You bet it does.
So what’s causing this, and does it really matter? A number of things and, yes, it absolutely does matter. Understanding the snowballing list of CVEs requires a closer look at the CVE Numbering Authorities (CNAs) around the world, along with a number of other factors. And as far as impact is concerned, well, let’s just say we’re looking at a “fuel on the fire” scenario when it comes to vulnerability management.
But I’m not going to dive into all of that golden content right now because this topic is exactly what I’ll be discussing at 11 a.m. PDT Thursday, June 3 during VMware’s Security Connect 2021. You can register here to join the conversation.
See you there!