
88% increase in application library vulnerabilities over two years - lirantal
https://snyk.io/blog/88-increase-in-application-library-vulnerabilities-over-two-years/
======
guessmyname
> _In 2018 vulnerabilities disclosed […]_

More like 88% increase in _“disclosed”_ vulnerabilities.

The title of the post makes it sound like the vulnerabilities were introduced
and discovered in the last two years, but it is more likely that an increase
in interest in web and software security during the last two years allowed
people to discover more bugs than before. In other words, if I have a database
with 100 vulnerabilities in 2016, then I update the database with 100 more
vulnerabilities in 2018, that doesn’t mean that there was an increase in
vulnerabilities between those two years, it just means that my vulnerability
scanner got updated to track vulnerabilities that were already in the wild
but that it was not aware of until the update.

~~~
LocalPCGuy
Very possible, but the act of the vulnerabilities being disclosed makes them
more vulnerable unless it was disclosed responsibly and the responsible party
has already issued a fix. Even then, devs using the affected version now have
a known vulnerability out in the wild, which will be incorporated into
vulnerability scanners and scripted exploits and kits.

So whether it's due to an increase in interest or not, it is something that
needs to be taken seriously.
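The two comments above describe the same mechanism from two sides: a database that grows when advisories are published, not when the bugs ship, and a scanner that only flags what its database already knows. The following is an added worked example, not code from the thread or from Snyk's tooling. The package names, advisory IDs, version ranges and dates are all constructed; it counts disclosures per year against the number of those same bugs that already existed in each year, and then audits one constructed lockfile against the database as it stood at two different points in time.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    """One entry in a constructed vulnerability database (not a real CVE)."""
    advisory_id: str
    package: str
    introduced: str          # first affected version, inclusive
    fixed: Optional[str]     # first fixed version, exclusive; None = no fix yet
    introduced_on: date      # when the affected code first shipped
    disclosed_on: date       # when the advisory was published


def parse_version(version: str) -> Tuple[int, ...]:
    """'MAJOR.MINOR.PATCH' -> comparable tuple (pre-release tags not handled)."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, adv: Advisory) -> bool:
    """True when `version` lies in the half-open range [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True


# Constructed database: six made-up advisories for made-up packages.
# Most of the affected code shipped years before its advisory appeared.
DATABASE: List[Advisory] = [
    Advisory("EX-001", "pkg-alpha", "1.0.0", "1.4.2", date(2013, 5, 1), date(2016, 2, 10)),
    Advisory("EX-002", "pkg-beta",  "2.0.0", "2.3.0", date(2014, 8, 1), date(2016, 9, 3)),
    Advisory("EX-003", "pkg-alpha", "1.0.0", "1.6.0", date(2013, 5, 1), date(2018, 1, 20)),
    Advisory("EX-004", "pkg-gamma", "0.1.0", None,    date(2012, 3, 1), date(2018, 4, 15)),
    Advisory("EX-005", "pkg-beta",  "2.0.0", "2.5.1", date(2014, 8, 1), date(2018, 7, 30)),
    Advisory("EX-006", "pkg-delta", "3.0.0", "3.0.4", date(2017, 6, 1), date(2018, 11, 2)),
]


def disclosures_per_year(db: List[Advisory]) -> Dict[int, int]:
    """What a headline counts: advisories published in each year."""
    return dict(Counter(adv.disclosed_on.year for adv in db))


def present_per_year(db: List[Advisory], years: List[int]) -> Dict[int, int]:
    """What actually existed: advisories whose affected code had already
    shipped by the end of each year, whether or not anyone had noticed."""
    return {y: sum(1 for adv in db if adv.introduced_on <= date(y, 12, 31))
            for y in years}


def growth_percent(before: int, after: int) -> float:
    """Percentage change from `before` to `after`."""
    return (after - before) * 100 / before


def audit(deps: Dict[str, str], db: List[Advisory],
          as_of: Optional[date] = None) -> List[Tuple[str, str, str]]:
    """Match installed versions against the database. `as_of` restricts the
    database to advisories already published on that date, i.e. the scanner
    before its database update."""
    findings = []
    for adv in db:
        if as_of is not None and adv.disclosed_on > as_of:
            continue  # the scanner did not know about this one yet
        version = deps.get(adv.package)
        if version is not None and is_affected(version, adv):
            findings.append((adv.package, version, adv.advisory_id))
    return findings


# Constructed lockfile snapshot: package -> pinned version.
LOCKFILE: Dict[str, str] = {
    "pkg-alpha": "1.5.0",
    "pkg-beta": "2.4.0",
    "pkg-gamma": "0.9.7",
    "pkg-delta": "3.1.0",
}

if __name__ == "__main__":
    disclosed = disclosures_per_year(DATABASE)
    present = present_per_year(DATABASE, [2016, 2018])
    print("disclosed per year:", disclosed,
          f"({growth_percent(disclosed[2016], disclosed[2018]):.0f}% increase)")
    print("present per year:  ", present,
          f"({growth_percent(present[2016], present[2018]):.0f}% increase)")
    print("audit, database as of end of 2016:", audit(LOCKFILE, DATABASE, date(2016, 12, 31)))
    print("audit, database as of end of 2018:", audit(LOCKFILE, DATABASE))
```

With this data the disclosure count doubles from 2016 to 2018 while the stock of bugs actually present in the wild grows by a fifth, which is guessmyname's point. The same lockfile audited with the end-of-2016 database comes back clean and with the end-of-2018 database reports three affected packages, which is LocalPCGuy's: nothing in the lockfile changed, only what the scanner knew. The version comparison is deliberately naive (plain dotted integers, no pre-release or build metadata); a real audit tool needs a proper semver range parser.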

------
UncleMeat
I see that Snyk is still trying to claim credit for "discovering" zip
directory traversal vulns.

