A new report from Risk Based Security found 2016 set the all-time high record for the number of software vulnerabilities disclosed: 15,000.
To create the 2016 Year End VulnDB QuickView report, Risk Based Security only included information on distinct vulnerabilities. In other words, "if a product includes vulnerable code from third party dependencies it is not treated as a new vulnerability."
Here are five things to know about Risk Based Security's report.
1. Risk Based Security detected 15,000 vulnerabilities in 2016 as of Jan. 23, 2017. This compares to 14,982 vulnerabilities in 2015 and 14,206 vulnerabilities in 2014.
2. Approximately 53.5 percent of the total vulnerabilities in 2016 were web-related.
3. The majority (81.3 percent) of 2016 vulnerabilities have a documented solution.
4. Nearly half (48.9 percent) of 2016 vulnerabilities can be remotely exploited.
5. About 1.3 percent of 2016 vulnerabilities were caused by vendor bug bounty programs, or programs that reward individuals for finding and reporting software bugs. Another 4.8 percent of vulnerabilities were coordinated through third party bug bounty programs.