Cyberthreat intelligence company Flashpoint said in a report issued this week that it detected a total of 11,860 vulnerabilities in the first half of 2022, with almost a third of them missed or not detailed by the public MITRE CVE (Common Vulnerabilities and Exposures) database.
The report, “State of Vulnerability Intelligence,” includes disclosures—security vulnerabilities in hardware and software products reported by vendors and cybersecurity experts—collected by Flashpoint’s in-house vulnerability intelligence database, VulnDB.
Flashpoint said that there were huge discrepancies in the severity and classification of vulnerabilities reported by VulnDB, and those recorded in MITRE’s CVE database and the NVD database maintained by NIST (the US National Institute of Standards and Technology). NIST and MITRE coordinate their finding and report similar vulnerabilities. Flashpoint cautioned organizations to depend on more comprehensive and specific sources for a clear understanding of the vulnerability landscape.