
News Summary:
A record-breaking 20,130 software vulnerabilities were reported in 2021 - 55 a day on average. However, only 4% of them pose a high risk to organizations.
An organization can greatly reduce its chance of breach, or exploitability score, by up to 29 times by first fixing high-risk vulnerabilities with public exploit code and having a high remediation capacity.
Using Twitter mentions to prioritize software fixes is twice as effective at reducing exploitation as the industry-standard Common Vulnerability Scoring System (CVSS).
SAN JOSE, Calif., Jan. 19, 2021 - New research has quantified the success of various strategies for vulnerability management and the exploitability of entire organizations, expanding the risk-based playbook for cybersecurity practices.
With an average of 55 new software vulnerabilities published every day in 2021, even the best staffed and resourced IT teams cannot fix all of the vulnerabilities across their infrastructures. Fortunately, there is a better solution.
The research conducted by, Kenna Security, now part of Cisco and a market-leader in risk-based vulnerability management, and the Cyentia Institute, shows that properly prioritizing vulnerabilities to fix is more effective than increasing an organizations' capacity to patch them, but having both can achieve a 29 times reduction in an organizations' measured exploitability.
The findings are explained in Kenna's latest report, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability.
Exploitations in the wild used to be the best indicator for which vulnerabilities security teams should prioritize. Now we can show the likelihood of a particular organization being exploited, which is what we've always wanted to do, said Ed Bellis, co-founder and chief technology officer of Kenna Security, now part of Cisco. This gives organizations a much better chance at combating potential cyber threats effectively and the research shows that our customers are successfully managing their vulnerability risk every day.
Exploitability was determined using the open Exploit Prediction Scoring System (EPSS); a cross-industry effort including Kenna Security and the Cyentia Institute that is maintained by FIRST.org.
The research confirms a recent Cybersecurity and Infrastructure Security Agency (CISA) directive that suggests it's wiser to move away from prioritizing fixing of vulnerabilities based on CVSS scores and instead focus on high-risk vulnerabilities. Analysis shows that factors like exploit code and even Twitter mentions are better signals than CVSS scores.
Its clear that a shift to exploitability is going to make a huge difference based on the data and findings in this report. An analysis of CISAs published vulnerabilities suggests that they may also be moving course away from CVSS scores as we were conducting this research, said Wade Baker, partner and co-founder of Cyentia Institute. We took it a step further to account for remediation velocity when making our calculations, which should better inform security teams.
The research also suggests that:
Nearly all (95%) IT assets have at least one highly exploitable vulnerability.
Prioritizing vulnerabilities with exploit code is 11 times more effective than CVSS in minimizing exploitability.
Most (87%) organizations have open vulnerabilities in at least a quarter of their active assets, and 41% of them show vulnerabilities in three of every four assets.
A strong 62% majority of vulnerabilities have less than a 1% chance of exploitation. Only 5% of CVEs exceed 10% probability.
Additional Resources
Read the full report, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability, the latest installment of Kenna Security's series
Read the blog
Engage with Kenna on Twitter, Facebook, and LinkedIn.
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on The Network and follow us on Twitter.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Ciscos trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Most recent headlines
06/10/2025
France T l visions, France's leading broadcaster, has received the 2025 EBU ...
04/09/2025
Monumental Sports & Entertainment (MSE), in collaboration with Dalet, has been a...
16/06/2025
By Bailey Pennick
One of the most exciting things about the Sundance Film Festi...
16/06/2025
The Cannes Lions International Festival of Creativity is officially underway for...
16/06/2025
On Spotify, francophone content continues to cross borders at an unprecedented rate. In 2024 alone, more than 123 million listeners worldwide streamed audio con...
16/06/2025
TYSONS, Va. Tegna Inc. is embarking on a notable expansion of their already substantial local news programming by launching live and on-demand, local newscasts ...
16/06/2025
Netflix has announced that it is expanding its global programmatic ad offerings by partnering with Yahoo DSP. This will enable brands to buy Netflix advertising...
16/06/2025
Instrument now boasts full NKS support
Sub51 and Soundtrax have just announced the launch of an updated and improved version of their innovative sample-base...
16/06/2025
NEW YORK In a landmark agreement to overtake the burgeoning connected TV (CTV) advertising market, Amazon Ads and Roku today announced a new integration that gi...
16/06/2025
ATLANTA, BALTIMORE, CINCINNATI and IRVING, Texas The four major broadcast groups behind the ATSC 3.0-based EdgeBeam Wireless datacasting joint venture today nam...
16/06/2025
BURLINGTON, Mass. Avid today announced an extended agreement with Amazon MGM Studios to integrate Avid's Media Composer and Avid NEXIS on Amazon Web Service...
16/06/2025
Maxon, maker of powerful, approachable software for creators working in 2D and 3D design, motion graphics, visual effects, gaming and more, today announced the ...
16/06/2025
Alfalite, the only European manufacturer of LED displays, announces the launch of SKYPIX RGBW & IM, a new series of ceiling-mounted LED panels designed specifi...
16/06/2025
Two new compact 4HP modules introduced
ALM/Busy Circuits have just announced the launch of two new Eurorack modules, the Pip Filter and Pip LFO, both of whi...
16/06/2025
16 Jun 2025
VEON Announces USD 35 Million Share Buyback Announcement marks the third phase of USD 100 million share buyback program
Dubai, June 16, 2025: VEON...
16/06/2025
Save 40% or More on All Ivory II Collections!From now through June 30th, enjoy huge savings on all Ivory II Piano Collections. Our biggest discounts ever are be...
16/06/2025
Behind The Broadcast Booth, Ep. 3: Golf. My Future. My Game. Founder and CEO Cra...
16/06/2025
The REMI Revolution Is Here: How Remote Production Technology in Esports Pioneer...
16/06/2025
From Super Bowl to Indy 500, New Orleans Artist Frenchy' Captures Energy of...
16/06/2025
NFL Films Enhances Post Studio With Dolby Atmos Audio Forty-three channels of audio enable the facility to migrate to immersive By Dan Daley, Audio Editor
Mo...
16/06/2025
SVG New Sponsor Spotlight: Storj's David Colantuoni on Expanding Cloud-Based...
16/06/2025
Grass Valley 4K Cameras Head to Greece for View Master Events' New OB Truck By Ken Kerschbaumer, Editorial Director
Monday, June 16, 2025 - 2:33 pm
Pri...
16/06/2025
Monday 16 June 2025
Sky Arts' Access All Arts Week, a free nationwide arts ...
16/06/2025
Monday 16 June 2025
Families and children are invited to dress up, have fun and raise money to protect nature
WWF UK and Sky Kids are teaming up to launch Wea...
16/06/2025
The Rohde & Schwarz R&S M3AR radio family reaches 10,000 unit milestone, demonst...
16/06/2025
FOX Advertising Launches Enhanced Brand Storytelling Program with Strategic Inve...
16/06/2025
Run with Ray is back! RT Radio 1's The Ray D'Arcy Show hits the road th...
15/06/2025
July 2025 in Dublin, Berlin, Amsterdam & London
Photo: Thea Martre
Music Production for Women (MPW) have announced that they will be running a series of fo...
15/06/2025
Composer/producer launches free virtual instruments
Sulcata Sound is the latest venture of Jason Graves, a two-time British Academy Award-winnning composer,...
14/06/2025
NEW YORK Pluto TV and the All Womens Sports Network have launched a free ad-supported streaming TV (FAST) AWSN channel in the U.S., Canada, the U.K. and the Nor...
14/06/2025
NEW YORK and CINCINNATI E.W. Scripps has announced a new, multiyear agreement with the WNBA that will continue Ions regular-season coverage of the league on Fri...
14/06/2025
WASHINGTON The National Association of Broadcasters highlighted the hidden importance of spectrum in the production of major sporting events and described wha...
14/06/2025
WASHINGTON Sunsetting ATSC 1.0, expanding business opportunities for NextGen Broadcast and increasing international adoption of the ATSC 3.0 standard were top o...
14/06/2025
SAN FRANCISCO Samba TV and Acxiom have announced that they will dramatically expand their longstanding relationship....
14/06/2025
July 2025 in Dublin, Berlin, Amsterdam & London
Photo: Thea Martre
Music Production for Women (MPW) have announced that they will be running a series of fo...
14/06/2025
San Francisco State University's School of Cinema Uses Blackmagic Design
Brie Clayton June 13, 2025
0 Comments
More than 40 Blackmagic Design came...
14/06/2025
Boris FX Mocha Pro Adds New AI Tools To Tackle VFX Tasks Fast
Jessie Electa Petrov June 13, 2025
0 Comments
The 2025.5 release helps artists work more...
14/06/2025
AJA Debuts DRM2-Plus Mini-Converter Frame at InfoComm 2025
Brie Clayton June 13, 2025
0 Comments
Next-gen frame addresses diverse rackmount needs wit...
13/06/2025
(L-R) Lindsay Utz, Michelle Walshe, and The Right Honourable Dame Jacinda Ardern attend the 2025 Sundance Film Festival premiere of Prime Minister at Eccles T...
13/06/2025
Photo credit: Atsushi Nishijima
If you're a true lover of rom-coms, chances...
13/06/2025
Pure Drama and Fierce Rivalries set to dominate the world's most iconic spor...
13/06/2025
Johannesburg, 12 June 2025 - The National Film and Video Foundation (NFVF), an a...
13/06/2025
ABILENE. Texas A severe storm knocked down the tower and severely damaged the news studio and main facility of Sinclair-owned KTXS here on Sunday, June 8....
13/06/2025
Berklee's Music Business/Management Department Recognized by the Music Biz A...
13/06/2025
WASHINGTON The ATSC, the Broadcast Standards Association, honored veteran technologist Aldo Cugnini and Clarence Hau, Senior Vice President of Standards, Policy...
13/06/2025
(Editor's note: The 2025 UFL Championship Game between the D.C. Defenders and Michigan Panthers kicks off Saturday, June 14, at 8 p.m. Eastern. The game wil...
13/06/2025
New iPad/iPhone synth App announced
Following on from last year's release of Gradient Synth - which reached #6 on the App Store's Paid Music charts ...
13/06/2025
LONDON Warner Bros. Discovery has announced that HBO Max will launch direct-to-consumer in multiple new countries this July as the streamer becomes available in...
13/06/2025
AI voice transcription and captioning platform Verbit has added a new feature to its Captivate ASR solution the ability to identify specific features in automat...
13/06/2025
WASHINGTON Federal Communications Commission member Anna Gomez has wrapped up two weeks in California visiting broadcasters, television studio executives, enter...