Vulnerability Management, Patch/Configuration Management

Expert: Vulnerability prioritization is a persistent problem

VulnCheck Vice President of Security Research Caitlin Condon said that vulnerability management prioritization remains a challenge among defenders, particularly as only 1% of over 40,000 of the disclosed vulnerabilities last year were exploited in the wild, according to CyberScoop.

The report from VulnCheck highlighted that traditional CVSS ratings lose significance for prioritizing security work, and many teams now focus on known exploited vulnerabilities to concentrate on verified risks. Network edge devices were heavily targeted, accounting for 28% of the products impacted by KEV.

Microsoft, VMware, Oracle, Ivanti, SonicWall, and Fortinet products appeared repeatedly in targeted vulnerability lists. High-profile attacks included four SharePoint zero-days, compromising over 400 organizations, and React2Shell, which had 236 public exploits within a month. VulnCheck emphasized that vulnerabilities are widespread across different forms of technology.

"We've got to start assessing ruthlessly and immediately how technology needs to evolve to be more resilient to these attacks over the long term," said Condon.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds