28,695 vulnerabilities were disclosed in 2021 – the highest number on record

A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security.

That total is the highest number on record, and it puts the amount of risk that organizations and security teams face on full display. And now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed in the future will continue to rise year-over-year.

“Despite the vulnerability disclosure landscape shaking off the pandemic, there has been no celebratory fanfare,” commented Brian Martin, VP of Vulnerability Intelligence at Risk Based Security.

“Now, it’s back to business-as-usual and that means vulnerability disclosure counts will likely fall back into the pattern of increasing each year. As such, organizations that still adopt the mindset of ‘patch everything’ will continue to struggle.”

The report further details the vulnerability landscape, highlighting the volatility caused by routine Patch Tuesday events, where many of them release up to 300 vulnerabilities on a single day.

An incredible amount of 2021 vulnerabilities had to be re-visited and updated as new solution information, references, and additional metadata became available – further demonstrating the strained workload that vulnerability management teams face daily.

“Updating previous records is vital because if a vulnerability is disclosed and isn’t coordinated with the vendor, it can be days, months or even years before a solution is made available,” commented Martin.

“While your organization may have introduced mitigating controls, it is still extremely important to install the patch or upgrade when it becomes available. If vulnerability entries are not updated with subsequently available remediation information, then your organization is missing out on crucial data needed to truly mitigate vulnerability-related risk.”