What trends in network security development are reflected in this vulnerability report
AD |
Recently, the China National Information Security Vulnerability Sharing Platform (CNVD) released a report, which is based on vulnerability data released by the China National Information Security Vulnerability Database (CNNVD) in 2022. The overall content includes statistics on the growth, types, severity levels, fixes, and attack hazards of vulnerabilities, analyzing and evaluating the development trends and characteristics of vulnerabilities, and proposing work ideas for vulnerability prevention and mitigation
Recently, the China National Information Security Vulnerability Sharing Platform (CNVD) released a report, which is based on vulnerability data released by the China National Information Security Vulnerability Database (CNNVD) in 2022. The overall content includes statistics on the growth, types, severity levels, fixes, and attack hazards of vulnerabilities, analyzing and evaluating the development trends and characteristics of vulnerabilities, and proposing work ideas for vulnerability prevention and mitigation.
In 2022, nearly 25000 new vulnerabilities were added, reaching a historic high and maintaining a continuous growth trend. The proportion of ultra high-risk vulnerabilities is continuously increasing, and the vulnerability repair rate has significantly increased. The situation of facing vulnerability threats remains severe. The overall situation has undergone new changes, with the number of high-risk vulnerabilities breaking through a new high, zero day competition highlighting new challenges in attack and defense, unilateral vulnerability control disrupting international order, and cyber hegemonism impacting the rights and interests of cyberspace. The overall situation of cybersecurity is becoming more complex and severe.
Regarding the disclosure of vulnerabilities. In 2022, nearly 25000 new vulnerabilities were added, reaching a historic high and maintaining a continuous growth trend. The proportion of ultra high-risk vulnerabilities is continuously increasing, and the vulnerability repair rate has significantly increased. The situation of facing vulnerability threats remains severe. As of 2022, CNNVD has released a total of 199465 vulnerability information, with 24801 new vulnerability information added in 2022. From the perspective of vulnerability harm and repair situation, in 2022, there were 4200 super critical vulnerabilities, 9968 high-risk vulnerabilities, 10146 medium critical vulnerabilities, and 487 low critical vulnerabilities among the newly added vulnerabilities. The corresponding repair rates were 54.86%, 79.65%, 76.13%, and 91.38%, respectively, with an overall repair rate of 77.76%. From the perspective of vendor distribution, Google has the highest number of product vulnerabilities in 2022, with a total of 1411 new vulnerabilities added. Microsoft ranks second with 963 vulnerabilities. From the perspective of vulnerability types, there are 3217 cross site scripting vulnerabilities, accounting for 12.97% of the total, with the highest proportion.
Regarding vulnerability trend analysis. With the advancement of global digitization, networking, and intelligence, the number, severity, and attention of network security vulnerabilities are rapidly increasing. The development of the digital economy is facing increasing challenges in the field of network security.
Among them, the number of high-risk vulnerabilities has reached a new high. From 2018 to 2022, the number of vulnerabilities showed a continuous growth trend for five consecutive years. In 2022, the number of new vulnerabilities reached the highest level in a calendar year, an increase of 52% compared to 2018, and the number of ultra high-risk vulnerabilities doubled compared to 2018.

As shown in the figure, the comparison between the number of new vulnerabilities and the number of high-risk vulnerabilities from 2018 to 2022 is shown in the statistical chart
The growth rate in 2022 has significantly accelerated compared to the previous year, and the growth rate of the number of ultra-high risk vulnerabilities has increased simultaneously. In 2022, the proportion of ultra-high risk vulnerabilities was 57%, with a significant increase compared to previous years. Statistics on the growth rate of new and high-risk vulnerabilities from 2018 to 2022.

As shown in the figure, the statistical comparison between the growth rate of vulnerability numbers and the growth rate of ultra-high risk from 2018 to 2022
Overall, monthly data for the past five years shows that the number of new vulnerabilities in each year generally reached a high level in April, October, and December, while February, May, and November were relatively low.

As shown in the figure, the monthly distribution comparison of the number of vulnerabilities from 2018 to 2022 is shown in the statistical chart
Suggestions for next steps:
One is to promote international cooperation mechanisms for loophole governance, hedge cyber hegemony, and build a community with a shared future in cyberspace. Digital transformation is the trend of global economic development. The global digital supply chain is intertwined. Unilateral supply cut-off and sales prohibition do not conform to the development concept of win-win cooperation. Providing high-quality digital technology and maintaining product safety and performance in a responsible manner is the long-term plan to expand the international market. We need to establish a guarantee mechanism for timely sharing of vulnerability information with core basic digital product suppliers, jointly create internationally recognized vulnerability standards, lead the international vulnerability governance system with new rules, and maximize security rights.
The second is to promote smooth national mechanisms for vulnerability governance, and establish a sound system for coordinating vulnerability governance. Vulnerability governance is a key link in addressing the transmission of non-traditional security risks to traditional security risks. It is the foundation for enhancing national security governance capabilities and an important strategic task for maintaining national security. Strengthening vulnerability governance is to firmly establish the foundation of network security. The key and fundamental of loophole governance is to rely on the working mechanism deployed uniformly at the national security level, clarify loophole governance functions, build governance capabilities such as basic research, detection, risk assessment and Talent management, and promote the construction of loophole risk governance system as a whole to achieve effective management and control of loophole risks.
The third is to create a good vulnerability ecological environment, promote vulnerability technology research and application innovation. The vulnerability industry is an important pillar of vulnerability risk governance. Based on the strict crackdown on the black industry chain, we should reasonably guide upstream output, increase the admission and supervision of midstream participants, use policy support to encourage downstream enterprises to actively apply innovation, plan and layout the overall development direction of the industry, effectively improve industrial efficiency, and fully play the important role of industrial vulnerability governance.
The fourth is to strengthen the construction of vulnerability awareness mechanisms and methods, and enhance network security defense capabilities. Vulnerability exploitation is the main means of network attacks. Once major risk vulnerabilities are disclosed, it is difficult for large institutions to immediately complete the repair of vulnerable assets across the entire network. Whether they can respond to vulnerability attacks fundamentally depends on their ability to identify vulnerabilities and their targeted response speed, which is the fundamental guarantee of the security of important network assets such as infrastructure. We need to do a good job in the management of key infrastructure network assets in the basic field, and achieve a "clear bottom line". Relevant departments should coordinate and organize technical forces to gather vulnerability attack feature resources, strengthen the construction of vulnerability attack identification capabilities, effectively support the network security protection of national key infrastructure, and prevent and crack down on various illegal and criminal activities such as sabotage, theft, espionage, etc. using vulnerabilities both domestically and internationally by law enforcement departments.
The fifth is to accelerate the development of vulnerability standards and system construction, and strengthen the basic research capacity of vulnerabilities. Although vulnerabilities are inevitable, effective management and technical measures can reduce the number of vulnerabilities, reduce the level of vulnerability risk, and improve the security performance of digital products. Establish and improve vulnerability management standard system, prepare vulnerability risk level, classification, security detection and other series of standards, and provide technical basis for the construction and implementation of vulnerability risk assessment mechanism. (Guangming Network reporter Wang Yihan)
Source: Guangming Network
Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])
Mobile advertising space rental |
Tag: in What trends network security development are reflected this
The 'Wife Robot' is only sold for 100000 yuan and can do anything except have children? Be careful not to be deceived
Next29000 kilometers to repair 1500 lighthouses, planes cannot be seen clearly at night, and American style infrastructure is done as soon as it is said
Guess you like
-
Pinduoduo's "Trillion-Yuan Support" Plan: A Three-Year, 100 Billion Yuan Investment to Build a Multi-Win Business EcosystemDetail
2025-04-03 14:41:29 11
-
Huyu Xianxiang and AVIC Optoelectronics Institute Forge Strategic Partnership to Shape China's eVTOL Avionics LandscapeDetail
2025-04-02 18:39:02 1
-
Haier Smart Home's 8th Global R&D Innovation Awards: Illuminating Better Lives with Technology, Achieving User SatisfactionDetail
2025-04-02 15:57:33 21
-
Huawei's 2025 China Digital Power Partner Conference: Carbon-Neutral Path for China, Shared Value CreationDetail
2025-03-31 18:57:09 11
-
OPPO Think Tank: A New Paradigm for Chinese Enterprises' Globalization From Wusha Village to the Global High-End MarketDetail
2025-03-31 18:48:21 1
-
ICLR 2025: Chinese Universities and Companies Showcase AI Prowess with Numerous Accepted Papers; Stanford-HKUST Collaboration Achieves Perfect ScoreDetail
2025-03-31 14:54:45 11
-
Huawei HarmonyOS Smart Home Partner Summit: Deep Dive into Spatial Intelligence Transformation and Ecosystem Development StrategyDetail
2025-03-31 13:01:45 1
-
AI Large Models Drive Innovation in Humanoid Robots and Autonomous Driving: 2025 as a Key MilestoneDetail
2025-03-31 13:00:04 1
-
Eight Cities Pilot Credit Supervision Data Openness, Empowering Micro and Small Enterprises with Mobile Payment PlatformsDetail
2025-03-26 09:32:47 1
-
Xiaomi's "Just a Little Profit": The Deep Logic and Sustainability Behind its Low-Margin StrategyDetail
2025-03-25 15:07:32 21
- Detail
-
The Ninth Huawei ICT Competition China Challenge Finals Conclude Successfully: Kunpeng and Ascend Tracks Crown Their ChampionsDetail
2025-03-24 16:26:03 11
-
Ronshen Sugar Cube Refrigerator: The Official Product of the 2025 FIFA Club World Cup, Ushering in a New Era of Healthy Food PreservationDetail
2025-03-24 15:40:35 21
-
Zhihu Launches New Version of Zhihu Straight Answer: Deep Integration of AI and Community to Enhance Professionalism and CredibilityDetail
2025-03-24 14:04:38 1
-
China Construction Ninth Harmony (Zhongjian Jiuhe) and Huawei HarmonyOS Smart Home Deepen Strategic Partnership at AWE2025, Building a Green and Intelligent Future HomeDetail
2025-03-23 15:21:15 41
-
ZuoYeBang Books Leads the New Trend in Intelligent Education Publishing at Changsha Book FairDetail
2025-03-21 15:15:33 1
-
Tianyancha: Shielding Consumer Safety and Reshaping Business Trust with DataDetail
2025-03-21 08:47:58 1
-
Hisense at AWE2025: AI Empowerment, Leading the Transformation of Future Smart LivingDetail
2025-03-20 18:24:11 11
-
Haier TV Makes a Stunning Debut at AWE 2024: Zhiyuan AI Large Model and PureScene Care Screen Usher in a New Era of Smart HomesDetail
2025-03-20 15:17:20 1
-
China Power's Xin Yuan Zhi Chu (New Source Smart Storage): Open Energy Intelligence Computing Center Leads Intelligent Transformation of the Energy IndustryDetail
2025-03-20 15:15:39 1