This report is designed to provide developers, DevOps engineers, security researchers, and information security leaders with timely, relevant insight into the security vulnerabilities that introduce risk into their software supply chains. The information provided herein will help you make more informed decisions on how to prioritize remediation efforts to address and mitigate the potential impact of all known software vulnerabilities, so that your products and services remain secure.
JFrog is in a unique position to detail the impact of security vulnerabilities on software artifacts actually in use within today’s FORTUNE 100 companies. The JFrog Security Research team has therefore compiled this first edition of the JFrog annual Critical Vulnerability Exposures (CVEs) report, providing an in-depth analysis of the top 10 most prevalent vulnerabilities of 2022, their “true” severity level, and best practices for mitigating the potential impact of each.
This report is based on a sampling of the vulnerabilities most often detected in the calendar year 2022 via anonymous usage statistics from the JFrog Platform.
This analysis constructs the JFrog Security Research severity rating for each of the top 10 most prevalent CVEs in 2022, outlines the notable lessons learned from each, and offers guidance to help strengthen your security posture for 2023.
In addition to each in-depth CVE assessment, this report provides a trend analysis of the total number of CVEs from previous years that affected the same software components, to help predict which software components are likely to remain vulnerable in 2023.