Skip to main content
HomeTopicsVulnerability Management

Vulnerability Management

CVE trends, patch management statistics, vulnerability disclosure timelines, and remediation benchmarks.

Showing 61-80 of 97 results

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 23.0% said they increased IT security staff.

TuxCare5/27/2026
Open SourcePatching

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 18.4% said they adopted AI/machine learning.

TuxCare5/27/2026
Open SourcePatching

48.5% of surveyed organizations said there was no change in the last 12 months in the time required for patching a critical or high-priority Linux vulnerability once it was detected.

TuxCare5/27/2026
Open SourcePatching

Attacks that begin with exploitation of public-facing applications increased by 44%, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

IBM5/27/2026
Application SecurityPublic-Facing Applications

Vulnerability exploitation accounted for 40% of incidents observed by IBM X‑Force in 2025.

IBM5/27/2026
Vulnerability Exploitation

Only 1% of vulnerabilities are confirmed to be exploited in the wild in 2025

VulnCheck5/27/2026
Exploit Activity

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 63.2% said they reviewed/updated internal vulnerability management processes.

TuxCare5/27/2026
Open SourcePatching

Only 1% of organizations said they decreased the time required for patching a critical or high-priority Linux vulnerability after it was detected.

TuxCare5/27/2026
Open SourcePatching

73% of SCA users lack visibility into whether flagged vulnerabilities are exploitable in production.

Rein Security2/22/2026
Software Composition AnalysisVisibility

Average Time to Exploit (TTE) declines year-by-year: 745 days in 2020, 518 days in 2021, 405 days in 2022, 296 days in 2023, 115 days in 2024, and 44 days in 2025.

Flashpoint2/14/2026
Average Time To ExploitTTE

42% of security teams use AI for vulnerability response and remediation.

Ivanti2/14/2026
AIVulnerability Response

76% of organizations check AI code for security risks.

Black Duck1/1/2026
AI CodeSoftware Development

Organizations that effectively track and manage open source dependencies are 85% more prepared to secure open source software compared to the overall average of 57%.

Black Duck1/1/2026
Open SourceSoftware Security

63% of respondents that prioritize SBOM validation say they're highly prepared to evaluate third-party software.

Black Duck1/1/2026
Third-Party Software SecuritySoftware Supply Chain

60% of organizations that perform automatic continuous monitoring report remediating critical software vulnerabilities within a day.

Black Duck1/1/2026
Software DevelopmentAutomatic Continuous Monitoring

Only 24% of organizations have adopted comprehensive strategies to secure AI-generated code.

Black Duck1/1/2026
AI-Generated CodeSoftware Development

Only 45% of the full respondent pool say they remediate critical software vulnerabilities within a day.

Black Duck1/1/2026
Critical Software VulnerabilitiesCritical Software Vulnerability Remediation

59% of respondents that prioritize SBOM validation typically respond to critical software vulnerabilities within one day.

Black Duck1/1/2026
SBOMSBOM Validation

54% of organizations using at least four compliance controls remediate critical vulnerabilities within a day.

Black Duck1/1/2026
Compliance ControlsCritical Vulnerabilities

49% of organizations using at least three compliance controls remediate critical vulnerabilities within a day.

Black Duck1/1/2026
Compliance ControlsCritical Vulnerabilities