CERT
 
Publications Catalog Historical Documents CERT Contact Information CERT Statistics Meet CERT Employment Opportunities
 

Vulnerability Remediation Statistics

CERT publishes a variety of statistics related to the work performed in different areas of our program. Click the column headings for a definition of each category. For a complete list of the statistics we publish, refer to the CERT statistics page.

Vulnerability remediation is one of the primary areas of work at the CERT® Coordination Center (CERT/CC). The CERT/CC strives to both reduce the number of vulnerabilities introduced into software and reduce the risk posed by existing vulnerabilities. Our standard remediation process includes collecting reports of vulnerabilities, performing technical analysis, coordinating with affected vendors, and establishing a reasonable timeframe for disclosing information about the vulnerability.

Cataloged vulnerabilities

  • Q1, 2008
  • 1,474
  • 52
  • 2007
  • 7,236
  • 357
  • 2006
  • 8,064
  • 345
  • 2005
  • 5,990
  • 213
  • 2004
  • 3,780
  • 170
  • 2003
  • 3,784
  • 191
  • 2002
  • 4,129
  • 343
  • 2001
  • 2,437
  • 153
  • 2000
  • 1,090
  • -
  • 1999
  • 417
  • -
  • 1998
  • 262
  • -
  • 1997
  • 311
  • -
  • 1996
  • 345
  • -
  • 1995
  • 171
  • -
  • Totals
  • 39,490
  •  



Publications about vulnerabilities

  • Q1, 2008
  • 64
  • 12
  • 9
  • 2007
  • 366
  • 42
  • 31
  • 2006
  • 422
  • 39
  • 37
  • 2005
  • 285
  • 22
  • 11
  • 2004
  • 341
  • 27
  • 17
  • 2003
  • 255
  • -
  • -
  • 2002
  • 375
  • -
  • -
  • 2001
  • 326
  • -
  • -
  • 2000
  • 47
  • -
  • -
  • 1999
  • 3
  • -
  • -
  • 1998
  • 8
  • -
  • -
  • Totals
  • 2,492
  • 142
  • 105


Note: Rows in italic indicate documents published on behalf of US-CERT.


Column Definitions

  • Year - This column represents the calendar year, not fiscal year.

  • Total vulnerabilities cataloged - This column reflects the total number of vulnerabilities that we have cataloged based on reports from public sources and those submitted to us directly. Storing the information in our database allows our analysts to systematically record vulnerability data; helps provide insight into significant preconditions, impacts, and scope; and gives us a way to validate reports and recognize new classes of vulnerabilities.

  • From direct reports - This column reflects the total number of vulnerabilities we have cataloged based on vulnerabilities reported directly to us. We encourage people to report vulnerabilities so we can coordinate with affected vendors to resolve vulnerabilities while minimizing the risk to all stakeholders. To determine an approximate number of vulnerabilities from public sources, subtract the number of direct reports from the total vulnerabilities cataloged. The actual number may differ slightly because occasionally, vulnerabilities are reported directly to us and disclosed to the public at the same time.

  • Vulnerability Notes published - This column reflects the number of Vulnerability Notes we have published. These documents provide technical information and solutions to vulnerabilities that we have analyzed. Although we cannot publish information about every vulnerability, we make a concerted effort to publish information about the most critical and significant vulnerabilities. As of 2004, we publish these documents on behalf of US-CERT.

  • Technical Security Alerts published - This column reflects the number of Technical Security Alerts we have published in conjunction with US-CERT. These documents provide timely information about current security issues, vulnerabilities, and exploits.

  • Security Alerts published - This column reflects the number of Security Alerts we have published in conjunction with US-CERT. These documents provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.

Vulnerability remediation statistics last updated April 14, 2008

Back to top