Learn more.
Contact Us
Talk to an Expert
Request a demo

Let’s Talk CVE Hyperinflation at VMware’s Security Connect 2021

Jun 1, 2021
Jerry Gamblin
Director of Security Research at Kenna Security

Share with Your Network

If you’ve been following Kenna’s blogs you’ll know I’ve been tracking the publication of CVEs and sharing some key insights, including a recap of everything published in Q1 2021 (check out the podcast where I talk through it). We’ve seen some impressive figures. In Q1 of this year, more than 2,700 CVEs were published. That’s a 380% increase from 2011, when only 716 CVEs were published in the first quarter. And I expect that we’ll reach more than 17,000 CVEs by the end of the year (we’re currently at 5,129).  

By most measures, CVEs have reached “hyperinflation” status. Yes, we most often use that term when referring to economics. (Our feature image shows Hungary’s 100 quintillion pengo note, the largest currency note ever circulated.) But hyperinflation is really the most appropriate description for what we’re looking at with CVEs: an extreme rise in a relatively short period of time. And if we look at instances of economic hyperinflation throughout history, we’ll see it’s a genie that’s pretty difficult to put back in the bottle. Same thing can be said for CVE hyperinflation. 

Does this matter? You bet it does.

So what’s causing this, and does it really matter? A number of things and, yes, it absolutely does matter. Understanding the snowballing list of CVEs requires a closer look at the CVE Number Authorities (CNAs) around the world, along with a number of other factors. And as far as impact is concerned—well, let’s just say we’re looking at a “fuel on the fire” scenario when it comes to vulnerability management. 

But I’m not going to dive into all of that golden content right now because this topic is exactly what I’ll be discussing at 11 a.m. PDT Thursday, June 3 during VMware’s Security Connect 2021. You can register here to join the conversation. 

See you there! 

Share with Your Network

Read the Latest Content

Risk-Based Vulnerability Management

Analysts Agree: Risk-Based Vulnerability Management a Priority for 2021

Taking a risk-based approach to vulnerability management has always been our priority, and lately the industry has followed suit. Now in a new blog listing Gartner’s Top 10 Security Projects for 2020-2021, it’s clear that Gartner thinks it should be a priority for you, too. For a sense of why RBVM is a top priority…

Vulnerability Management

11 Tips for Choosing a Vulnerability Management Solution

“These tips go to 11.” – Nigel Tufnel It can be daunting to choose between vulnerability management (VM) solutions when all vendors describe their offerings in very similar ways. So making the best choice for you means identifying what your organization needs, and ensuring the solutions you’re evaluating meet those needs. It’s safe to say…

Risk-Based Vulnerability Management

What is Modern Vulnerability Management?

Modern vulnerability management is an orderly, systematic, and data-driven approach to enterprise vulnerability management. It leverages full visibility into a technology stack to target the riskiest vulnerabilities, enabling companies to adhere to designated SLA’s, respond to threats rapidly, and have meaningful discussions about organizational risk tolerance. Got that? Let’s unpack it.  To understand what modern…

Sign up to get the latest updates

© 2021 Kenna Security. All Rights Reserved. Privacy Policy.