A report by Recorded Future has found that Russia's vulnerability database, while highly focused, is incomplete and slow, and only publishes 10% of known vulnerabilities.
Run by the military organization, Federal Service for Technical and Export Control of Russia (FSTEC), the vulnerability database, also known as BDU, has published only 11,036 vulnerabilities of the 107,901 Common Vulnerabilities and Exposures (CVEs) reported by NVD (approximately 10%). FSTEC populates the BDU database with vulnerabilities that primarily present a threat to Russian state information systems. This gives researchers information on which technologies, hardware, and software are used on Russian government networks.
The report highlights that FSTEC didn't start publishing vulnerability data until 2014, roughly 15 years after the US NVD was established, but still covered 25% of the CVEs from years before the database was started. Furthermore, among the vulnerabilities that FSTEC published the fastest, 75% were vulnerabilities for browsers or industrial control-related software.
No tags.
