New Research! 25 Years of Vulnerabilities: 1988-2012

What has been the most important type of vulnerability in the last 25 years? What percentage of total vulnerabilities did this represent? Which browser truly had the most critical vulnerabilities? In this research, Yves Younan, senior research engineer with Sourcefire’s Vulnerability Research Team (VRT), answers these questions and more based on his analysis of the last 25 Years of Vulnerabilities: 1988-2012. Younan analyzed data available from the Common Vulnerabilities and Exposures (CVE) [1] database, an international standard for vulnerability numbering or identification, as well as the National Vulnerability Database (NVD) [2] at the National Institute of Standards and Technology (NIST), for this report.

[1] The CVE database started in 1999, but also includes some historical data from prior years, going back to 1988. Including the most recent data through 2012, the CVE database provides 25 years of information on vulnerabilities to assess. Not every vulnerability is assigned a CVE, so vulnerabilities without one are not counted.
[2] Normalization of the NIST data with respect to vulnerability categorization was necessary to provide more complete statistics. Additional details on the methodology used for modifying the NVD data are provided at the end of the report.