Analysis of the NIST National Vulnerability Database shows that security teams were under siege in 2020 and into the first part of 2021, defending against an unprecedented number of flaws. Today’s columnist, Ed Bellis of Kenna Security, cautions that CVSS scores don’t always tell the full story.
While Apple gets headlines for discovering zero-days, today’s columnist, Ed Bellis of Kenna Security, says true zero-days are rare. Bellis says the vast majority of vulnerabilities are patched before CVE publication. However, in the rare case when exploits predate the availability of a patch, attackers get a 47-day head start – and that’s something security teams need to focus on.