RICHMOND, Va.—In the first half of 2019, there have been about 4,000 fewer entries in the common vulnerabilities and exploits (CVE) database, which tracks weaknesses in software and hardware, but that's no reason for CUs to rest easy: 34% of the 11,092 reported vulnerabilities remain unpatched.
Leading the pack with 24.1% of all vulnerabilities between them are five companies: Software in the Public Interest (Debian and related platforms), SUSE, Oracle, IBM, and Microsoft, a study from Risk Based Security reveals.
“Given the popularity of platforms from those organizations, it's reasonable to assume your organization is affected by at least one of the more than 11,000 vulnerabilities reported in 2019, and possibly by some that remain unpatched,” noted Ooda Loop in its analysis.