Real-world analysis finds the severity of many CVEs is overrated

The latest report from JFrog looks at the most prevalent vulnerabilities in 2022 with an in-depth analysis of open source security vulnerabilities that have most impact for DevOps and DevSecOps teams. The report shows that the severity of six of the top 10 CVEs was overrated, meaning they scored higher in the NVD rating than in JFrog's own analysis. In addition the CVEs appearing within enterprises most frequently are low-severity issues that were simply never fixed. Of the top 50 prevalent CVEs found in Artifactory, 64 percent were overrated, 26 percent were equal, and 10 percent were actually underrated. It… [Continue Reading]