Fifty-four zero-day vulnerabilities were discovered last year, according to a report released this morning by Symantec, more than double that of 2014, and the number of mega-breaches of more than 10 million records also hit a record high.
In fact, the number of newly-discovered vulnerabilities stayed between eight and 15 a year since 2006, then jumped to 23 in 2013 and 24 in 2014, leading researchers to hope that it had reached a new plateau.
Instead, last year’s 125 percent increase in zero-days was a sign of the increasing professionalization of the industry.
“People figured out that they could make money by finding zero-day vulnerabilities and selling them to attackers,” said Kevin Haley, director of security response at Symantec. “So there became a marketplace, and these things started to have value, and people started to hunt for them.”