1、2023 Flexera|Company Confidential 1 FLEXERA 2022 Software Vulnerability and Threat Intelligence Report Jeroen Braak Based on data from Secunia Research 2023 Flexera|Company Confidential 2 Reuse We encourage the reuse of data,charts and text published in this report under the terms of this Creative C

2、ommons Attribution 4.0 International License.You are free to share and make commercial use of this work as long as you attribute the Flexera 2022 Software Vulnerability&Threat Intelligence Report as stipulated in the terms of the license.2023 Flexera|Company Confidential 3 Contents Reuse.2 Introduct

3、ion.5 2022 summary.7 Advisories breakdown.9 Compared to previous years.9 Advisory criticality and attack vector.10 Advisories and rejected advisories.11 Rejected advisories.11 Addressing awareness with vulnerability insights.13 Prevelance:.13 Asset sensitivity:.13 Criticality:.13 Threat intelligence

4、:.13 How do we know that more insights/data is needed?.14 Take away 1:.14 Take away 2:.14 Vendor view.15 Top vendors with most advisories.15 Top vendors with highest average threat score.16 Top vendors with zero-days.17 Top ten products with the most zero-days reported in 2022.18 Browser-related adv

5、isories.19 Advisories per browser.19 Browser zero-day vulnerabilities.19 Average CVSS(criticality)score per browser.20 Average threat score per browser.20 Networking-related advisories.21 Number of advisories per networking-related vendor.21 Average threat and CVSS score per networking-related vendo

6、r.21 Threat intelligence.22 Count of malware-exploited CVEs.22 Count of advisories by CVE threat score.22 Threat intelligence advisory statistics:.22 2023 Flexera|Company Confidential 4 Patching.23 Vulnerabilities that are vendor patched.23 SVM patch statistics.24 Updated patches per month in SVM.24