
The Growing Threat of Vulnerabilities

Explore the ever-increasing importance of vulnerability management in cybersecurity as threats grow exponentially. Learn about the evolution of the National Vulnerability Database (NVD), CVSS, and EPSS scoring, and how prioritising remediation is essential for protecting digital assets.

Flow

Sep 23, 2024

The Ever-Increasing Importance of Vulnerability Management in Cybersecurity

Vulnerability management is a critical element of cybersecurity defence, one that has been evolving to keep pace with the relentless advancement of cyber threats. Over the past two decades, the National Vulnerability Database (NVD) has grown to contain over 250,000 vulnerabilities.

The data shows that the exponential growth in the rate at which vulnerabilities are added to the NVD is accelerating. We have seen the steepest growth rate every year since 2017; judging by Q1 alone, 2024 will be no exception.

This highlights the ever-growing need for robust and efficient vulnerability management.


Managing vulnerabilities, specifically prioritising vulnerability remediation, remains challenging for many organisations. This challenge will only become more significant as the number of published CVEs increases.

A brief history of Vulnerability Management

Understanding the historical context and evolution of related standards and tools gives us a clearer picture of the journey that led us to the challenges we face today. This knowledge helps us prepare to safeguard our digital assets and networks against these ever-present and evolving threats.


Vulnerability Measures

Two key vulnerability scoring systems—the Common Vulnerability Scoring System (CVSS) Base Score and the Exploit Prediction Scoring System (EPSS) Score—can inform organisations of where to prioritise their vulnerability remediation efforts.

CVSS Base Score

The CVSS Base Score was introduced in 2005 to standardise the severity rating of vulnerabilities. It has undergone a series of refinements over the years; the latest version, version 4, was released in 2023. The CVSS Base Score is a numerical value from 0 to 10, grouped into the following severity ratings:

  • Critical (9.0-10.0)
  • High (7.0-8.9)
  • Medium (4.0-6.9)
  • Low (0.1-3.9)
  • None (0.0)

EPSS Score

EPSS (Exploit Prediction Scoring System) estimates the likelihood (probability) that a vulnerability will be exploited in the wild. It was first introduced in 2021 and is now in its third version, which was released in 2023. The probability scores range between 0.0 and 1.0 (0% and 100%).

In the next part of this series, we will explore how to effectively use these scoring systems as part of a vulnerability management program.
