Original Research
Named-analyst analysis and reproducible datasets, built entirely on primary sources — the CISA KEV catalog, NVD, and vendor advisories. Every figure is traceable; every dataset is downloadable.
Analysis · 2026-07-05Exploitation Is Concentrated: Why Patch Prioritization Should Follow KEV, Not CVSS
The top 5 vendors account for 43.8% of every CVE CISA confirms exploited in the wild. A data-driven case for KEV-led prioritization.
Read → Dataset · Updated monthly · 2026-07-05The Exploitation Velocity Index
Reproducible analysis of the CISA KEV catalog: vendor exposure, ransomware association, catalog velocity, and remediation-urgency windows. 1631 entries.
Read →Our research is held to the sourcing and corrections standards described in About & Editorial Standards. Datasets are published under CC BY 4.0. To discuss enterprise research or advisory work, get in touch.