Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA's KEV Catalog
BOSTON, May 1, 2024 /PRNewswire/ -- Bitsight, the leader in cyber risk management, today released a new report by its TRACE security research team analyzing the Known Exploited Vulnerabilities (KEV) catalog, the Cybersecurity and Infrastructure Security Agency's (CISA) authoritative source of vulnerabilities that have been exploited in the wild.
- "Even critical severity vulnerabilities take four and a half months to remediate on average.
Key KEV prevalence and remediation findings from the Bitsight TRACE study include:
- Vulnerabilities included in the KEV catalog are highly prevalent and over a third of organizations had at least one in 2023.
- Despite faster remediation of KEVs versus non-KEVs, more than 60% are remediated after deadlines provided by CISA.
- Remediation of KEVs varies based on the severity:
- Known ransomware vulnerabilities are highly prevalent but remediated faster.
"The data leaves no doubt: CISA's creation of the KEV catalog has been hugely positive.