VulnCheck Vice President of Security Research Caitlin Condon said that vulnerability management prioritization remains a challenge among defenders, particularly as only 1% of over 40,000 of the disclosed vulnerabilities last year were exploited in the wild, according to CyberScoop.The report from VulnCheck highlighted that traditional CVSS ratings lose significance for prioritizing security work, and many teams now focus on known exploited vulnerabilities to concentrate on verified risks. Network edge devices were heavily targeted, accounting for 28% of the products impacted by KEV.Microsoft, VMware, Oracle, Ivanti, SonicWall, and Fortinet products appeared repeatedly in targeted vulnerability lists. High-profile attacks included four SharePoint zero-days, compromising over 400 organizations, and React2Shell, which had 236 public exploits within a month. VulnCheck emphasized that vulnerabilities are widespread across different forms of technology."We've got to start assessing ruthlessly and immediately how technology needs to evolve to be more resilient to these attacks over the long term," said Condon.
Vulnerability Management, Patch/Configuration Management
Expert: Vulnerability prioritization is a persistent problem

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



