In this report we begin by examining the prevalence of those vulnerabilities across assets to determine which ones are most common. Then we measure how quickly those vulnerabilities are remediated and what factors speed up or slow down that process. We’ll begin our foray into the wilds of the vulnerability landscape by examining the product vendors that shape it. This is important because these technologies are commonly used, thus vulnerabilities affecting them can have a widespread impact on cyber risk posture.

The objective of this report is to reflect on the different vulnerability management phases and their current maturity and trends through a cumulative dashboard view of the United VRM SaaS solution, anonymously accumulating vulnerability and asset data from January 2019 to present date. These cumulative views will reveal trends and considerations about vulnerability management practices and overall program maturity.

For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. What we found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think.

NopSec has pioneered the research, measurement, and analytics of vulnerability threats since 2013. Its annual State of Vulnerability Risk Management reports are widely used and cited in the cybersecurity industry for its insights and actionable information. As presented in this report, vulnerability threats are ever more expanding and evolving, and NopSec is once again leading the research for new ways to expose these threats and protect valuable assets from getting compromised.

This year, NopSec predicts that the biggest cyber threats will be massive data breaches, ransomware, opportunistic crypto-mining attacks and IoT hacking.

This report offers an analysis into current trends in vulnerability risk management. It examines the attributes of security vulnerabilities viewed through a variety of lenses: Attributes of vulnerabilities published since 2002 versus those only recently published, Attributes of all vulnerabilities published in the National Vulnerability Database (NVD) in contrast with only those uploaded into our platform by our clients, Vulnerabilities broken down by industry vertical, CVSS score, product vendor and active exploitation in the wild.

The goal of this report is to shed some light on the current threat landscape for organizations, assess the strengths and weaknesses of current vulnerability evaluation systems such as CVSS, (Common Vulnerability Scoring System) and explore additional metrics for determining the risk of a vulnerability.

This report, based on responses from nearly 200 IT and security practitioners surveyed, explores the current state of vulnerability risk management, the challenges that directly impact the remediation process, and the outlook for improvement in the coming year. In addition, compliance drivers and executive awareness of information security threats are considered to demonstrate their influence on effective vulnerability risk management.