SynSaber researchers dug into the 680+ CVE Advisories released by CISA in the first half of 2022. Our inaugural 12-page research report covers:
• Who is reporting the majority of CVEs?
• How many CVEs have a low probability of exploitation?
• What remediations (if any) are available?
• Overall, what percentage of reported CVEs actually matter to those in critical infrastructure?
With increased discussion around ICS vulnerabilities, we wondered: What could be discovered if we looked at reported Common Vulnerabilities and Exposures (CVEs) from a different perspective? What questions could be answered from the 680+ CVEs reported via the Cybersecurity and Infrastructure Security Agency (CISA) ICS Advisories in the first half of 2022? With our curiosity peaked, SynSaber researchers went to work.
The sheer volume of reported ICS vulnerabilities & CVEs may cause critical infrastructure asset owners to feel overwhelmed, or not know where best to begin. But the figures seem less daunting when we understand what percentage of CVEs are pertinent and actionable, vs. which will remain “forever-day” vulnerabilities, at least for the time being.
Here’s a sneak peek of some CVE stats you’ll find in the Report:
