"KEV Catalog Reaches 1,000, What Does That Mean and What Have We Learned"
The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Known Exploited Vulnerabilities (KEV) catalog in November 2021 to provide an authoritative source of vulnerabilities that have been exploited "in the wild." Recently, the catalog has expanded to include over 1,000 vulnerabilities. As part of a vulnerability management program that facilitates prioritization based on organizational attributes, such as how a vulnerable product is being used and the exploitability of the relevant system, every organization should prioritize the mitigation of KEVs. This article continues to discuss how the KEV program works, lessons learned, how organizations can effectively use the KEV, future improvements, and how to reduce the prevalence of vulnerabilities by design.
CISA reports "KEV Catalog Reaches 1,000, What Does That Mean and What Have We Learned"