Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

January 8, 2024 at 06:18AM

The number of CNA organizations and CVE identifiers increased in 2023. There were 28,902 published CVEs, an average of 80 new CVEs per day, and the average CVSS score was 7.12. The number of new CNAs announced increased to 84, bringing the total to nearly 350 CNAs from 38 countries. The top CNAs included Microsoft, VulDB, GitHub, and WordPress security companies. The most commonly assigned CWE identifier was the one for cross-site scripting (XSS), followed by SQL injection.

Key takeaways:

1. The number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 increased compared to the previous year, with a total of 28,902 CVEs published, averaging nearly 80 new CVEs per day.

2. The average CVSS score of the 2023 CVEs was 7.12, with 36 vulnerabilities assigned a score of 10.

3. The number of new CVE Numbering Authorities (CNA) announced in 2023 increased to 84, up from 56 in 2022. Currently, there are nearly 350 CNAs from 38 countries.

4. Various types of organizations have become new CNAs, including independent hacking groups, software organizations, hardware makers, government agencies, cybersecurity firms, and printing giants.

5. 250 CNAs published at least one CVE in 2023, with Microsoft, VulDB, GitHub, and WordPress security companies WPScan and PatchStack being the top CNAs.

6. The most commonly assigned type of Common Weakness Enumeration (CWE) identifier was CWE-79, improper neutralization of input during web page generation, also known as cross-site scripting (XSS), with over 4,100 CVEs assigned to XSS vulnerabilities last year.
