Prioritization to Prediction Volume 6: The Attacker-Defender Divide

The sixth volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute explores the lifecycle of 473 vulnerabilities with evidence of exploitation in the wild. Learn what really happens after a vulnerability is discovered. This report reveals surprising insight into when and where attackers and defenders have (and trade) momentum, the effectiveness of responsible vulnerability disclosure and exploit development, and much more.

Download the full research report to learn more about the key findings:

• Attackers gain the momentum when exploit code is made public prior to the release of a patch
• Over 80% of exploited vulnerabilities have a patch available by the time of CVE publication, but about a third of vulnerabilities have exploit code published before a patch is available
• Only 6% of exploits were detected by more than 1/100 organizations (3/4 were detected by less than 1 in 11,000 organizations)
• There is no “typical” vulnerability lifecycle. Only 16% of the CVEs studied followed the most common sequence of Reserved-Patched-Scanned-Published-Exploited