Vulnerability Management
CVE trends, patch management statistics, vulnerability disclosure timelines, and remediation benchmarks.
When organizations using open source were asked whether they had taken steps to improve their patch and vulnerability management processes in the last 12 months, 23.0% said they increased IT security staff.
When organizations using open source were asked whether they had taken steps to improve their patch and vulnerability management processes in the last 12 months, 18.4% said they adopted AI/machine learning.
48.5% of surveyed organizations said there was no change in the last 12 months in the time required for patching a critical or high-priority Linux vulnerability once it was detected.
Attacks that begin with exploitation of public-facing applications increased by 44%, largely driven by missing authentication controls and AI-enabled vulnerability discovery.
Vulnerability exploitation accounted for 40% of incidents observed by IBM X‑Force in 2025.
Only 1% of vulnerabilities were confirmed to be exploited in the wild in 2025.
When organizations using open source were asked whether they had taken steps to improve their patch and vulnerability management processes in the last 12 months, 63.2% said they reviewed/updated internal vulnerability management processes.
Only 1% of organizations said they decreased the time required for patching a critical or high-priority Linux vulnerability after it was detected.
73% of SCA users lack visibility into whether flagged vulnerabilities are exploitable in production.
Average Time to Exploit (TTE) has declined year by year: 745 days in 2020, 518 days in 2021, 405 days in 2022, 296 days in 2023, 115 days in 2024, and 44 days in 2025.
42% of security teams use AI for vulnerability response and remediation.
76% of organizations check AI code for security risks.
Organizations that effectively track and manage open source dependencies are 85% more prepared to secure open source software compared to the overall average of 57%.
63% of respondents that prioritize SBOM validation say they're highly prepared to evaluate third-party software.
60% of organizations that perform automatic continuous monitoring report remediating critical software vulnerabilities within a day.
Only 24% of organizations have adopted comprehensive strategies to secure AI-generated code.
Only 45% of the full respondent pool say they remediate critical software vulnerabilities within a day.
59% of respondents that prioritize SBOM validation typically respond to critical software vulnerabilities within one day.
54% of organizations using at least four compliance controls remediate critical vulnerabilities within a day.
49% of organizations using at least three compliance controls remediate critical vulnerabilities within a day.