The daily influx of new Common Vulnerabilities and Exposures (CVEs) has become a significant challenge for security professionals, with over 110 new entries emerging every day. This surge is attributed to the growth of the security research community, the rise of bug bounty programs, and the increased use of automated scanning tools, which have industrialized vulnerability discovery. As a result, the number of published CVEs has skyrocketed, with over 29,000 in 2023 and 40,000 in 2024. Although only about 5-7% of these vulnerabilities are exploited in the wild, the sheer volume poses a significant threat to defensive security. The exploitation of these vulnerabilities can have severe consequences, making it essential for security teams to develop effective strategies to handle the flood of CVEs [1]. This matters to practitioners because it highlights the need for robust vulnerability management and prioritization to mitigate potential threats.
Handling the CVE Flood With EPSS (Mon, Apr 20th)
Why This Matters
Some numbers [1]:
- CVEs published in 2023: 29K+
- CVEs published in 2024: 40K+
- New CVEs per day: ~110
- Exploited in the wild: ~5-7%

The root cause of this explosion is structural:
References
- SANS Internet Storm. (2026, April 20). Handling the CVE Flood With EPSS. https://isc.sans.edu/diary/rss/32914
Original Source
SANS Internet Storm