
What trends in network security development are reflected in this vulnerability report

Tech 2023-07-24 22:55:39 Source: Network


Recently, the China National Information Security Vulnerability Sharing Platform (CNVD) released a report based on vulnerability data published by the China National Information Security Vulnerability Database (CNNVD) in 2022. The report gives statistics on the growth, types, severity levels, fixes, and attack hazards of vulnerabilities, analyzes and evaluates vulnerability trends and characteristics, and proposes approaches to vulnerability prevention and mitigation.

In 2022, nearly 25000 new vulnerabilities were added, a historic high that continues the growth trend. The proportion of ultra-high-risk vulnerabilities keeps increasing, and the vulnerability repair rate has risen significantly, but the vulnerability threat situation remains severe. The overall situation has changed in several ways: the number of high-risk vulnerabilities has broken through to a new high, zero-day competition highlights new challenges in attack and defense, unilateral vulnerability control disrupts international order, and cyber hegemonism impacts rights and interests in cyberspace. The overall cybersecurity situation is becoming more complex and severe.

Regarding the disclosure of vulnerabilities: as of 2022, CNNVD had released a total of 199465 vulnerability records, 24801 of them added in 2022. In terms of severity and repair status, the vulnerabilities added in 2022 comprised 4200 super-critical, 9968 high-risk, 10146 medium-critical, and 487 low-critical vulnerabilities. The corresponding repair rates were 54.86%, 79.65%, 76.13%, and 91.38%, respectively, for an overall repair rate of 77.76%. By vendor, Google products had the most vulnerabilities in 2022, with 1411 new vulnerabilities; Microsoft ranked second with 963. By vulnerability type, cross-site scripting was the largest category, with 3217 vulnerabilities, or 12.97% of the total.

Regarding vulnerability trend analysis: with the advance of global digitization, networking, and intelligence, the number and severity of network security vulnerabilities, and the attention paid to them, are rapidly increasing. The development of the digital economy faces growing challenges in the field of network security.

Among these trends, the number of high-risk vulnerabilities has reached a new high. From 2018 to 2022, the number of vulnerabilities grew for five consecutive years. In 2022, the number of new vulnerabilities reached the highest level of any calendar year, an increase of 52% compared to 2018, and the number of ultra-high-risk vulnerabilities doubled compared to 2018.

[Figure: Comparison of the number of new vulnerabilities and the number of high-risk vulnerabilities, 2018 to 2022]

Growth in 2022 accelerated significantly compared to the previous year, and the growth rate of ultra-high-risk vulnerabilities rose at the same time. In 2022, the proportion of ultra-high-risk vulnerabilities was 57%, a significant increase compared to previous years.

[Figure: Comparison of the growth rate of vulnerability numbers and the growth rate of ultra-high-risk vulnerabilities, 2018 to 2022]

Overall, monthly data for the past five years show that the number of new vulnerabilities in each year was generally high in April, October, and December, and relatively low in February, May, and November.

[Figure: Monthly distribution of the number of vulnerabilities, 2018 to 2022]

Suggestions for next steps:

The first is to promote international cooperation mechanisms for vulnerability governance, hedge against cyber hegemony, and build a community with a shared future in cyberspace. Digital transformation is the trend of global economic development, and the global digital supply chain is intertwined. Unilateral supply cut-offs and sales bans do not conform to the development concept of win-win cooperation. Providing high-quality digital technology and responsibly maintaining product safety and performance is the long-term way to expand the international market. We need to establish a guarantee mechanism for timely sharing of vulnerability information with suppliers of core basic digital products, jointly create internationally recognized vulnerability standards, lead the international vulnerability governance system with new rules, and maximize security rights.

The second is to make national mechanisms for vulnerability governance run smoothly and establish a sound system for coordinating vulnerability governance. Vulnerability governance is a key link in addressing the transmission of non-traditional security risks to traditional security risks. It is the foundation for enhancing national security governance capabilities and an important strategic task for maintaining national security. Strengthening vulnerability governance means firmly establishing the foundation of network security. The key to vulnerability governance is to rely on a working mechanism deployed uniformly at the national security level, clarify vulnerability governance functions, build governance capabilities such as basic research, detection, risk assessment, and talent management, and advance the construction of the vulnerability risk governance system as a whole, so as to achieve effective management and control of vulnerability risks.

The third is to create a good vulnerability ecosystem and promote vulnerability technology research and application innovation. The vulnerability industry is an important pillar of vulnerability risk governance. While strictly cracking down on the black industry chain, we should reasonably guide upstream output, strengthen the admission and supervision of midstream participants, use policy support to encourage downstream enterprises to actively apply innovation, plan and lay out the overall development direction of the industry, effectively improve industrial efficiency, and give full play to the important role of the industry in vulnerability governance.

The fourth is to strengthen the construction of vulnerability awareness mechanisms and methods, and enhance network security defense capabilities. Vulnerability exploitation is the main means of network attack. Once a major-risk vulnerability is disclosed, it is difficult for large institutions to immediately complete the repair of vulnerable assets across the entire network. Whether they can respond to vulnerability attacks depends fundamentally on their ability to identify vulnerabilities and on the speed of their targeted response, which is the fundamental guarantee of the security of important network assets such as infrastructure. We need to do a good job of managing key infrastructure network assets in basic fields and achieve a "clear bottom line". Relevant departments should coordinate and organize technical forces to gather vulnerability attack feature resources, strengthen the construction of vulnerability attack identification capabilities, effectively support the network security protection of national key infrastructure, and support law enforcement departments in preventing and cracking down on illegal and criminal activities, such as sabotage, theft, and espionage, that use vulnerabilities both domestically and internationally.

The fifth is to accelerate the development of vulnerability standards and system construction, and strengthen basic research capacity on vulnerabilities. Although vulnerabilities are inevitable, effective management and technical measures can reduce the number of vulnerabilities, lower the level of vulnerability risk, and improve the security performance of digital products. We should establish and improve a vulnerability management standard system, prepare a series of standards covering vulnerability risk level, classification, security detection, and related areas, and provide a technical basis for building and implementing a vulnerability risk assessment mechanism. (Guangming Network reporter Wang Yihan)

Source: Guangming Network

