Security_Vendors_CVEs.xlsx

	A	B	C	D	E	F	G	H	I	J	K	L	M
1						Updated on: Jan-01-2024
2	Number of Vulnerabilities and Average fix time (CVEs)
3		3 Years Critical - 2021-2023
4	Vendor	3Y # High/Critical Vulnerabilities	3Y Average Days to fix High/Critical
5	Check Point	2.00	1.00
6	PAN	32.00	29.88
7	Fortinet	98.00	8.95
8	Cisco	92.00	22.03
9
10		4 Years - 2020-2023
11	Vendor	4 Years Total #	4Y Average Time To Fix (days)	4Y # Critical Vulnerabilities	4Y Average Days to fix High/Critical
12	Check Point	38	15.76	2.00	1.00
13	PAN	162	54.94	79.00	59.73
14	Fortinet	339	31.81	103.00	16.48
15	Cisco	357	35.13	142.00	47.32
16
17		Total - 2016-2023
18	Vendor	# Of Vulnerabilities	Average Time To Fix (days)	# High/Critical	Average Days to fix High/Critical
19	Check Point	61	11.61	10.00	2.70
20	PAN	298	68.41	124.00	66.08
21	Fortinet	548	59.94	129.00	38.58
22	Cisco	569	37.64	218.00	42.33
23
24	Vendor	4Y Time2FIX VS. CP	4Y #Vuls VS. CP	4Y #High/Critical VS. CP	4Y Time2FIX High/Critical VS. CP	Total Time2FIX VS. CP	Total #Vuls VS. CP	Total #High/Critical VS. CP	Total Time2FIX High/Critical VS. CP
25	Check Point	Days Multiplier vs. CP	# Multiplier vs. CP	Amount Multiplier VS. CP	Days Multiplier vs. CP	Days Multiplier vs. CP	# Multiplier vs. CP	Amount Multiplier VS. CP	Days Multiplier vs. CP
26	PAN	x3	x4	x40	x60	x6	x5	x12	x24
27	Fortinet	x2	x9	x52	x16	x5	x9	x13	x14
28	Cisco	x2	x9	x71	x47	x3	x9	x22	x16
29
30	Total Vulnerabilities per year
31	Vendor	4 Years Total Number of Vulnerbilities	Total Since 2016	Average Per Year Since 2016	2023	2022	2021	2020	2019	2018	2017	2016
32	Check Point	38.00	61.00	7.63	2	6	22	8	11	6	1	5
33	PAN	162.00	298.00	37.25	23	24	38	77	46	16	32	42
34	Fortinet	339.00	548.00	68.50	89	87	99	64	76	63	46	24
35	Cisco	357.00	569.00	71.13	42	137	73	105	73	45	59	35
36
37	Critical+High Vulnerabilities only
38	Vendor	4 Years Number of High / Critical Vulnerbilities	3 Years Number of High / Critical Vulnerbilities	Total Since 2016	Average Per Year Since 2016	2023	2022	2021	2020	2019	2018	2017	2016
39	Check Point	2	2	10.00	1.25	1	1	0	0	2	3	1	2
40	PAN	79	32	124.00	15.50	2	9	21	47	16	3	7	19
41	Fortinet	103	98	129.00	16.13	35	32	31	5	11	7	6	2
42	Cisco	142	92	218.00	27.25	15	44	33	50	24	16	23	13
43
44
45
46
47
48	methodology
49	Resource - public advisory of each vendor & OSNIT
50	Total Vul = total CVEs + Vulnerabilities without CVEs
51	Internal vulnerabilities, vulnerabilities fixed before public source/advisory published or no information present = counted as 0 days to fix (same day fix)
52	Vulnerabilities fix date was taken for the 1st version released after the advisory
53	In case of multiple product types, last fixed product family date was taken
54	Informational Alerts/Advisory were not included
55	Non-impact or Disputed CVEs werent included
56	Include only security enterprise products
57	CVE Rating was taken from the vendor site
58	Counted Critical+High based on vendor's own rank
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100