Evolving Landscape of Common Vulnerabilities and Exposures (CVE) Over the Last 20 Years
The Evolving CVE Landscape | F5 Labs 🔗
The text provides an analysis of the evolving landscape of Common Vulnerabilities and Exposures (CVE) over the last 20 years. It delves into various aspects such as the increasing number and diversity of vulnerabilities, the emergence of new vendors, the changing nature of weaknesses in software, and the shifting patterns in the language used to describe vulnerabilities. The report also highlights the growth in the number of published vulnerabilities and the discrepancies in severity assessments by different authorities. Additionally, it explores the historical development of CVE, the growth of the CVE landscape, and the topological features of vulnerabilities, including top vendors and common weakness enumerations. The text also identifies some peculiar trends and anomalies in the CVE landscape, providing insights into the complex nature of vulnerability data collection and interpretation.
- The CVE landscape has changed substantially over the last two decades, with an increasing number and widening variety of vulnerabilities
- The number of published CVEs is accelerating, with an expected 500 new CVEs per week in 2025
- The diversity of software weaknesses has increased, with the language used in CVE descriptions shifting to focus more on weaknesses and requirements
- The severity of CVEs, as measured by the CVSSv3 score, has not increased significantly over the last decade
- There are discrepancies in severity assessments by different authorities, such as CNAs and NVD
- The text also provides insights into the historical development of CVE and its key milestones
- The report highlights the emergence of new vendors and the growth of vulnerability data, with distinct periods of growth and decline in the weekly rate of CVE publication
- It identifies peculiar trends in the CVE landscape, such as the occurrence of spikes in vulnerability publication due to specific types of vulnerabilities
- The text also explores the top vendors and common weakness enumerations in the CVE landscape, along with anomalies and peculiar trends observed in vulnerability data