Trustwave SpiderLabs says in a new report that it expects the number of CVEs published in 2022 to exceed the number published in 2021. (Air Force)

The number of common vulnerabilities and exposures (CVEs) published in the National Vulnerability Database (NVD) is up 5% at the halfway point of 2022 compared with the number of critical vulnerabilities at the same time last year (13%).

Even though the figure is an increase over last year, Trustwave SpiderLabs’ 2022 Telemetry Report shows that the number is only 36% of the total published in 2021 and is still expected to increase between 5% and 13% over last year’s CVEs.

But the news isn’t all bad from the report. The author said companies are likely to patch their systems in a timely manner and are more aware of security than they were last year, with less than 10% of the organizations they scanned still being affected by critical vulnerabilities.

“Key observations from this report show that companies finally understand the necessity of having a solid security posture,” Jason Villaluna wrote.

The top three weaknesses SpiderLabs researchers observed were common in command injection and remote code execution vulnerabilities.

As new technologies are introduced, so too are the unintentional vulnerabilities that go unnoticed in the development process. 

“Threat actors continuously scan the internet to gain the advantage of those organizations with slow or outdated patching process,” Villaluna wrote, adding that having a proactive approach to identifying and patching vulnerabilities is incredibly important to having a good security posture.