ReversingLabs Analysis Reveals Need to Expand National Vulnerability Database to Include Emerging Software Supply Chain Flaws – GlobeNewswire

Source: ReversingLabs US, Inc., Cambridge, Massachusetts, United States
CAMBRIDGE, Mass., Aug. 11, 2022 (GLOBE NEWSWIRE) — ReversingLabs, the leader in software supply chain security, today released a new research report titled “NVD Analysis 2022: A Call to Action on Software Supply Chain Security,” that predicts 2022 will exceed the previous record for new vulnerabilities reported to the National Vulnerability Database (NVD) — a record that was set in 2021. The analysis predicts that more than 24,000 CVEs (common vulnerabilities and exposures) will be registered with NVD in calendar year 2022, a 22% increase over 2021.

But the surge in new CVEs reported to the NVD is less reflective of a decline in software quality than of the broader scope of the NVD and the growing number of companies and countries participating as CVE Numbering Authorities (CNAs), ReversingLabs analysis concludes, based on research conducted by Lemos Associates.
For application development teams and those responsible for software security, however, a notable rise in software supply chain attacks should serve as a call to action. It is also a call for reform. The NVD is a critical resource for both software development and security organizations; its scope should expand beyond common software vulnerabilities on legacy platforms to better reflect the breadth of security exposures (the “E” in CVE) — including malware injection, software tampering and secrets exposure, which threaten software supply chain integrity.
Among the key findings of ReversingLabs’ new report:
ReversingLabs’ full report, “NVD Analysis 2022: A Call to Action on Software Supply Chain Security,” contains full details on the research and is available now. To learn more about the findings, you can also access the report highlights and infographic.
About ReversingLabs
ReversingLabs empowers modern software development and security operations center teams to protect their software releases and organizations from sophisticated software supply chain security attacks, malware, ransomware, and other threats.
The ReversingLabs Titanium Platform analyzes any file, binary, or object, including those that evade traditional security solutions. It’s a hybrid-cloud, privacy-centric platform that unifies Dev and SOC teams with transparent and human-readable threat analysis, arming developers, DevSecOps, SOC analysts and threat hunters to confidently respond to software tampering and security incidents.
ReversingLabs data is used by more than 65 of the world’s most advanced security vendors and their tens of thousands of security professionals. ReversingLabs enterprise customers span all industries, leveraging integrations with popular DevSecOps and SOC platforms that enable teams to access the analysis they need to make quick security verdicts, eliminate threats, and release software with confidence.
Media Contact:
Doug Fraim, Guyer Group