Prioritize these vulnerabilities

Only 2%-7% of published vulnerabilities are seen exploited in the wild.

If you focused your remediation efforts on these, you would sort CVSS entries for:

  1. Code execution or SQL injection vulnerability
  2. Remotely exploitable
  3. In a Microsoft product
  4. With an exploit available on ExploitDB, Metasploit, or GitHub
  5. A CVE that has a higher number of external references
  6. Requiring no privileges

Remediate vulnerabilities that are known to be exploited first.

If you start there, you'll get 80% of returns for 20% of the efforts.

I hope you found this valuable

I send out an e-mail whenever I publish new content. It's free. No spam. Unsubscribe whenever you want.