Research

Original Research

Named-analyst analysis and reproducible datasets, built entirely on primary sources — the CISA KEV catalog, NVD, and vendor advisories. Every figure is traceable; every dataset is downloadable.

Analysis · 2026-07-05

Exploitation Is Concentrated: Why Patch Prioritization Should Follow KEV, Not CVSS

The top 5 vendors account for 43.8% of every CVE CISA confirms exploited in the wild. A data-driven case for KEV-led prioritization.

Read →
Dataset · Updated monthly · 2026-07-05

The Exploitation Velocity Index

Reproducible analysis of the CISA KEV catalog: vendor exposure, ransomware association, catalog velocity, and remediation-urgency windows. 1631 entries.

Read →

Our research is held to the sourcing and corrections standards described in About & Editorial Standards. Datasets are published under CC BY 4.0. To discuss enterprise research or advisory work, get in touch.