The company delves into the threats to offer defenders a better understanding of what constituted dangerous vulnerabilities in 2020, says Caitlin Condon, manager of software engineering at Rapid7. There was a pervasive feeling in the information-security community, especially among defenders, that the sky was falling nearly all the time, she says. It is often very difficult for the people in charge of security to look at all the research materials, all the artifacts, and all the information about a vulnerability and determine why a vulnerability may matter or not matter for their risk model.
In the report, Rapid7 breaks down the threats into flaws exploited indiscriminately in widespread attacks (28%), security issues, often zero-day vulnerabilities, used in targeted attacks (32%), and vulnerabilities the company considers to be impending threats (40%).