What trends in network security development are reflected in this vulnerability report
AD |
Recently, the China National Information Security Vulnerability Sharing Platform (CNVD) released a report, which is based on vulnerability data released by the China National Information Security Vulnerability Database (CNNVD) in 2022. The overall content includes statistics on the growth, types, severity levels, fixes, and attack hazards of vulnerabilities, analyzing and evaluating the development trends and characteristics of vulnerabilities, and proposing work ideas for vulnerability prevention and mitigation
Recently, the China National Information Security Vulnerability Sharing Platform (CNVD) released a report, which is based on vulnerability data released by the China National Information Security Vulnerability Database (CNNVD) in 2022. The overall content includes statistics on the growth, types, severity levels, fixes, and attack hazards of vulnerabilities, analyzing and evaluating the development trends and characteristics of vulnerabilities, and proposing work ideas for vulnerability prevention and mitigation.
In 2022, nearly 25000 new vulnerabilities were added, reaching a historic high and maintaining a continuous growth trend. The proportion of ultra high-risk vulnerabilities is continuously increasing, and the vulnerability repair rate has significantly increased. The situation of facing vulnerability threats remains severe. The overall situation has undergone new changes, with the number of high-risk vulnerabilities breaking through a new high, zero day competition highlighting new challenges in attack and defense, unilateral vulnerability control disrupting international order, and cyber hegemonism impacting the rights and interests of cyberspace. The overall situation of cybersecurity is becoming more complex and severe.
Regarding the disclosure of vulnerabilities. In 2022, nearly 25000 new vulnerabilities were added, reaching a historic high and maintaining a continuous growth trend. The proportion of ultra high-risk vulnerabilities is continuously increasing, and the vulnerability repair rate has significantly increased. The situation of facing vulnerability threats remains severe. As of 2022, CNNVD has released a total of 199465 vulnerability information, with 24801 new vulnerability information added in 2022. From the perspective of vulnerability harm and repair situation, in 2022, there were 4200 super critical vulnerabilities, 9968 high-risk vulnerabilities, 10146 medium critical vulnerabilities, and 487 low critical vulnerabilities among the newly added vulnerabilities. The corresponding repair rates were 54.86%, 79.65%, 76.13%, and 91.38%, respectively, with an overall repair rate of 77.76%. From the perspective of vendor distribution, Google has the highest number of product vulnerabilities in 2022, with a total of 1411 new vulnerabilities added. Microsoft ranks second with 963 vulnerabilities. From the perspective of vulnerability types, there are 3217 cross site scripting vulnerabilities, accounting for 12.97% of the total, with the highest proportion.
Regarding vulnerability trend analysis. With the advancement of global digitization, networking, and intelligence, the number, severity, and attention of network security vulnerabilities are rapidly increasing. The development of the digital economy is facing increasing challenges in the field of network security.
Among them, the number of high-risk vulnerabilities has reached a new high. From 2018 to 2022, the number of vulnerabilities showed a continuous growth trend for five consecutive years. In 2022, the number of new vulnerabilities reached the highest level in a calendar year, an increase of 52% compared to 2018, and the number of ultra high-risk vulnerabilities doubled compared to 2018.
As shown in the figure, the comparison between the number of new vulnerabilities and the number of high-risk vulnerabilities from 2018 to 2022 is shown in the statistical chart
The growth rate in 2022 has significantly accelerated compared to the previous year, and the growth rate of the number of ultra-high risk vulnerabilities has increased simultaneously. In 2022, the proportion of ultra-high risk vulnerabilities was 57%, with a significant increase compared to previous years. Statistics on the growth rate of new and high-risk vulnerabilities from 2018 to 2022.
As shown in the figure, the statistical comparison between the growth rate of vulnerability numbers and the growth rate of ultra-high risk from 2018 to 2022
Overall, monthly data for the past five years shows that the number of new vulnerabilities in each year generally reached a high level in April, October, and December, while February, May, and November were relatively low.
As shown in the figure, the monthly distribution comparison of the number of vulnerabilities from 2018 to 2022 is shown in the statistical chart
Suggestions for next steps:
One is to promote international cooperation mechanisms for loophole governance, hedge cyber hegemony, and build a community with a shared future in cyberspace. Digital transformation is the trend of global economic development. The global digital supply chain is intertwined. Unilateral supply cut-off and sales prohibition do not conform to the development concept of win-win cooperation. Providing high-quality digital technology and maintaining product safety and performance in a responsible manner is the long-term plan to expand the international market. We need to establish a guarantee mechanism for timely sharing of vulnerability information with core basic digital product suppliers, jointly create internationally recognized vulnerability standards, lead the international vulnerability governance system with new rules, and maximize security rights.
The second is to promote smooth national mechanisms for vulnerability governance, and establish a sound system for coordinating vulnerability governance. Vulnerability governance is a key link in addressing the transmission of non-traditional security risks to traditional security risks. It is the foundation for enhancing national security governance capabilities and an important strategic task for maintaining national security. Strengthening vulnerability governance is to firmly establish the foundation of network security. The key and fundamental of loophole governance is to rely on the working mechanism deployed uniformly at the national security level, clarify loophole governance functions, build governance capabilities such as basic research, detection, risk assessment and Talent management, and promote the construction of loophole risk governance system as a whole to achieve effective management and control of loophole risks.
The third is to create a good vulnerability ecological environment, promote vulnerability technology research and application innovation. The vulnerability industry is an important pillar of vulnerability risk governance. Based on the strict crackdown on the black industry chain, we should reasonably guide upstream output, increase the admission and supervision of midstream participants, use policy support to encourage downstream enterprises to actively apply innovation, plan and layout the overall development direction of the industry, effectively improve industrial efficiency, and fully play the important role of industrial vulnerability governance.
The fourth is to strengthen the construction of vulnerability awareness mechanisms and methods, and enhance network security defense capabilities. Vulnerability exploitation is the main means of network attacks. Once major risk vulnerabilities are disclosed, it is difficult for large institutions to immediately complete the repair of vulnerable assets across the entire network. Whether they can respond to vulnerability attacks fundamentally depends on their ability to identify vulnerabilities and their targeted response speed, which is the fundamental guarantee of the security of important network assets such as infrastructure. We need to do a good job in the management of key infrastructure network assets in the basic field, and achieve a "clear bottom line". Relevant departments should coordinate and organize technical forces to gather vulnerability attack feature resources, strengthen the construction of vulnerability attack identification capabilities, effectively support the network security protection of national key infrastructure, and prevent and crack down on various illegal and criminal activities such as sabotage, theft, espionage, etc. using vulnerabilities both domestically and internationally by law enforcement departments.
The fifth is to accelerate the development of vulnerability standards and system construction, and strengthen the basic research capacity of vulnerabilities. Although vulnerabilities are inevitable, effective management and technical measures can reduce the number of vulnerabilities, reduce the level of vulnerability risk, and improve the security performance of digital products. Establish and improve vulnerability management standard system, prepare vulnerability risk level, classification, security detection and other series of standards, and provide technical basis for the construction and implementation of vulnerability risk assessment mechanism. (Guangming Network reporter Wang Yihan)
Source: Guangming Network
Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])
Mobile advertising space rental |
Tag: in What trends network security development are reflected this
The 'Wife Robot' is only sold for 100000 yuan and can do anything except have children? Be careful not to be deceived
Next29000 kilometers to repair 1500 lighthouses, planes cannot be seen clearly at night, and American style infrastructure is done as soon as it is said
Guess you like
-
"Macau Story," a mini-series celebrating the 25th anniversary of Macau's return to China, achieves a billion viewsDetail
2024-12-24 16:38:43 1
-
Youku Sports and VICTOR Partner to Deliver an Upgraded and Innovative Live Streaming Experience for the 2024 BWF World Tour FinalsDetail
2024-12-24 14:31:57 1
-
Foxconn's Parent Company, Hon Hai Precision Industry, Invests an Additional RMB 600 Million in its Zhengzhou-based EV Battery UnitDetail
2024-12-24 10:01:13 1
-
2024 Spring Festival Travel Rush New Train Schedule: 321 Additional Trains Nationwide Starting January 5th, Further Enhancing Service Quality and EfficiencyDetail
2024-12-23 12:05:44 1
-
Changan Automobile and EHang Intelligent Sign Strategic Cooperation Agreement to Build Future Flying Car EcosystemDetail
2024-12-22 15:08:38 1
-
Liaoning Province and Baidu Sign Strategic Cooperation Framework Agreement to Jointly Promote AI Industry DevelopmentDetail
2024-12-20 19:36:38 1
-
Wanxun Technology Secures Nearly RMB 200 Million in Funding to Lead Global Soft Robotics Innovation, Set to Showcase Breakthroughs at CES 2025Detail
2024-12-20 15:54:19 1
-
Huolala's 2025 Spring Festival Freight Festival: Supporting Spring Festival Travel, Offering New Year Benefits to Users and DriversDetail
2024-12-20 13:38:20 1
-
The Third Meeting of the Third Council of the International New Energy Solutions Platform (INES): Charting a Blueprint for a "Dual Carbon" FutureDetail
2024-12-19 17:03:07 1
-
WeChat's Official Account Launches "Author Read Aloud Voice" Feature for Personalized Article ListeningDetail
2024-12-18 17:19:57 1
-
The 12th China University Students' Polymer Materials Innovation and Entrepreneurship Competition Finals Grand Opening in Guangrao CountyDetail
2024-12-18 16:04:28 1
-
Tracing the Ancient Shu Road, Winds of the Three Kingdoms: Global Influencer Shu Road Journey LaunchesDetail
2024-12-18 15:23:35 1
-
Seres: A Pioneer in ESG Practices, Driving Sustainable Development of China's New Energy Vehicle IndustryDetail
2024-12-17 16:20:26 1
- Detail
-
My Health, My Guard: Huawei WATCH D2 Aids Precise Blood Pressure Management in the Winter Health BattleDetail
2024-12-17 09:36:15 1
-
Investigation into the Chaos of Airline Seat Selection: Paid Seat Selection, Seat Locking Mechanisms, and Consumer Rights ProtectionDetail
2024-12-15 16:45:48 1
-
Japanese Scientists Grow Human Organs in Pigs: A Balancing Act of Breakthrough and EthicsDetail
2024-12-14 19:48:50 1
-
Pang Donglai and Sam's Club: Two Paths to Transformation in China's Retail IndustryDetail
2024-12-14 17:57:03 1
-
In-Depth Analysis of China's Precision Reducer Industry: Technological Innovation and Market CompetitionDetail
2024-12-14 16:04:26 1
-
Alibaba's "TAO" App Launches in Japan, Targeting High-Quality Service and Convenient LogisticsDetail
2024-12-13 13:22:23 1