Primary Author of the 2016 Verizon Data Breach Investigations Report – “Vulnerabilities” Chapter

Kenna’s Chief Data Scientist Michael Roytman was the primary author of this year’s “Vulnerabilities” chapter, analyzing a correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more than 150 countries.

Chapter Highlights

  • Half of all exploitations happen between 10 and 100 days after the vulnerability is published, with the median around 30 days.
  • Attackers automate certain weaponized vulnerabilities and spray and pray them across the internet, sometimes yielding incredible success.
  • We are treading water—we aren’t sinking in new vulnerabilities, but we’re also not swimming to the land of instantaneous remediation and vuln-free assets.

“While the top 10 vulnerabilities accounting for 85% of successful exploit traffic, the other 15% consists of over 900 CVEs, which are also being actively exploited in the wild.”

  • Establish a process for vulnerability remediation that targets vulnerabilities which attackers are exploiting in the wild, followed by vulnerabilities with known exploits or proof-of-concept code.
  • If you have a system that cannot be patched or receive the latest-and-greatest software update, apply other risk mitigations in the form of configuration changes or isolation

Additional Resources

CVSS Under Fire: Michael Roytman on the Prioritization Problem

Reporting on Risk to the Board: Tips from a CISO

Behind the Kenna Prioritization Algorithm

Free Kenna 15-Day Trial

“ Half of all exploitations happen between 10 and 100 days after the vulnerability is published. ”


Access data-backed recommendations for improving your remediation strategy in the Verizon Data Breach Investigations Report.

Download Now