Security metrics vendor Risk Based Security has released a new report showing that the company found 15,000 bugs in software during 2016 — a slight increase from 14,982 bugs found in 2016. More importantly, a high percentage of the 2016 bugs represented a significant risk: 24 percent were “critical,” 17 percent were “high-severity” and nearly half could be exploited remotely.
“We are spending all this time and effort and money on security, but we are not seeing a decrease in vulnerabilities,” said Jake Kouns, chief information security officer for Risk Based Security. “You would think with all the money being spent, things would be getting better, but they are not.”