Whenever I ponder the vastness of space and our limited ability to observe only the Milky Way, I am utterly fascinated. It took us thirty years to position the James Webb Telescope at the Lagrange point (L2), offering us a mere glimpse into events that unfolded millions of years ago.
Trying to grasp the enormity of the universe is beyond my comprehension. Despite the daily discoveries, there’s infinitely more that remains undiscovered. Especially given the universe’s expansion, there are mysteries out there we will never uncover.
This line of thought was sparked by a video from Kurzgesagt, one of my favorite YouTube channels, that I watched before bed.
It was early morning today, and my thoughts slowly shifted toward the vulnerabilities I had analyzed yesterday. As I was making my first cup of coffee, a question popped into my head:
Do we even know the total number of software products or libraries on this planet?
The surge in vulnerabilities is alarming. With more ethical hackers, vulnerability researchers, and bug bounty hunters than ever, one wonders whether we’re truly making progress in bridging the security gap, or whether I’m just being naïve about our battle against cybercrime.
The truth is complex and varies depending on perspective, yet data is always a solid starting point. So, I took a sip of my coffee and hit enter, awakening my computer from its snooze to begin the day’s work. I booted up my tools and connected to our data store.
The “Common Platform Enumeration” is a dictionary that defines and categorizes classes of applications, operating systems, and hardware devices within an enterprise’s computing assets.
According to our data, the CPE dictionary lists 1.2 million products, including various versions (to be precise, 1,262,117 products). Imagine this as the number of planets we’ve cataloged so far!
However, I’m convinced there are far more software packages and products out there than we’ve managed to document, like undiscovered galaxies up in the sky. Some software has dodged our records, and now it might be too late to catalog it.
This led me to wonder about the proportion of these technologies that have been identified with vulnerabilities. The figure stands at only 108,971, which is approximately 0.09%.
Reflecting on my career, I realize that I’ve never encountered a piece of vulnerability-free software. This observation isn’t born from cynicism but rather from a realistic acknowledgment of the complexity and inherent challenges in software development. Just like the uncharted corners of the universe, there’s always something new lurking in the digital cosmos, waiting to be discovered—or, in the case of cybersecurity, hoping to remain undetected.
The fact that only 0.09% of the documented 1.2 million products have identified vulnerabilities is a stark reminder of our ongoing battle with the unknown. It’s a bit like peering into the night sky; we know there are countless stars and galaxies beyond our sight, yet our understanding is limited to the few we can observe. Similarly, in the vast expanse of software and digital products, we’ve only scratched the surface, managing to uncover vulnerabilities in a teeny-tiny fraction of what exists.
This realization isn’t meant to discourage but to inspire a sense of humility and drive. In both astronomy and cybersecurity, we are pioneers on a never-ending expedition. Each vulnerability we uncover and address doesn’t just patch a hole; it adds to our collective understanding, making us more adept at navigating and safeguarding this digital universe. Just as astronomers use each discovery to build a more comprehensive map of the cosmos, we use every identified vulnerability to enhance our defenses and strategies.
However, the analogy also serves as a cautionary tale. The vastness of the universe and the ever-expanding digital landscape remind us of the importance of vigilance and continuous exploration. We must remain curious, always seeking to uncover the next vulnerability, the next threat, before it can cause harm. Our journey is perpetual, our work never truly done. Just as the universe continues to expand, so too does the scope of our digital environments and the potential for new vulnerabilities.
As I finish writing this, I think it’s time for my second coffee of the day.

