Let’s Talk CVE Hyperinflation at VMware’s Security Connect 2021

Jun 1, 2021
Jerry Gamblin
Director of Security Research at Kenna Security

If you’ve been following Kenna’s blogs, you’ll know I’ve been tracking the publication of CVEs and sharing some key insights, including a recap of everything published in Q1 2021 (check out the podcast where I talk through it). We’ve seen some impressive figures. In Q1 of this year, more than 2,700 CVEs were published. That’s a 380% increase from 2011, when only 716 CVEs were published in the first quarter. And I expect that we’ll reach more than 17,000 CVEs by the end of the year (we’re currently at 5,129).

By most measures, CVEs have reached “hyperinflation” status. Yes, we most often use that term when referring to economics. (Our feature image shows Hungary’s 100 quintillion pengo note, the largest currency note ever circulated.) But hyperinflation is really the most appropriate description for what we’re looking at with CVEs: an extreme rise in a relatively short period of time. And if we look at instances of economic hyperinflation throughout history, we’ll see it’s a genie that’s pretty difficult to put back in the bottle. The same thing can be said for CVE hyperinflation.

Does this matter? You bet it does.

So what’s causing this, and does it really matter? A number of things and, yes, it absolutely does matter. Understanding the snowballing list of CVEs requires a closer look at the CVE Numbering Authorities (CNAs) around the world, along with a number of other factors. And as far as impact is concerned, well, let’s just say we’re looking at a “fuel on the fire” scenario when it comes to vulnerability management.

But I’m not going to dive into all of that golden content right now because this topic is exactly what I’ll be discussing at 11 a.m. PDT Thursday, June 3 during VMware’s Security Connect 2021. You can register here to join the conversation. 

See you there! 
