Humans make mistakes, software has bugs and some of these bugs are exploitable vulnerabilities. The existence of vulnerabilities in software is not a new problem, but as the volume of software in existence grows, so does the number of exploitable vulnerabilities. Learn more about this worrisome trend in an interesting Security Boulevard article.
In the last couple of years, over 22,000 new vulnerabilities have been discovered each year. This does not include all of the vulnerabilities that have been previously discovered and reported. Currently, over 139,000 CVEs exist, and not every publicly disclosed vulnerability is assigned a CVE.
Keeping up with the flood of new vulnerabilities is a challenge for any organization. In 2019 alone, an average of 61 new vulnerabilities were reported daily. Even though an organization would likely be affected by a fraction of these, it is necessary to check if each vulnerability is applicable; if it is, the organization must test the patch, apply it and verify that it is applied successfully. This assumes that an organization is currently up-to-date on patching, and many are not.