A Sensible Solution for Addressing the CVE Explosion in IoT Devices
The number of CVEs (Common Vulnerabilities and Exposures) is nearing 250,000 and is growing at a rate of over 30,000 per year. A recent report finds that, for certain networking equipment, each device contained an average of 1,267 software components and an average of 1,120 CVEs, of which 473 were ranked as having Critical or High vulnerability, which is 200 times worse than what traditional scanners report. While these findings are for networking devices, they are very likely to also be true of most IoT devices. The problem seems to be primarily due to using open source components, which have extensive vulnerabilities and which bring in other components with even more vulnerabilities. Unfortunately, due to the cost and schedule savings achieved by using components in IoT firmware, this practice is not likely to end.
Read the full article at embedded.com