New CWE TOP 10 KEV (Known Exploited Vulnerabilities) Report
We are happy to announce a new report: CWE TOP 10 KEV (Known Exploited Vulnerabilities).
CISA:
In 2021, the Cybersecurity and Infrastructure Security Agency (CISA) began publishing the Known Exploited Vulnerabilities (KEV) Catalog.
The CVEs in this catalog are vulnerabilities reported as actively exploited. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.
The new KEV report:
In December 2023, MITRE published an analysis of the TOP 10 exploitable CWEs for the first time. For each CWE, MITRE looked at how many CVEs in the KEV catalog are assigned to it and at the average CVSS score of those CVEs.
The list contains 10 prioritized CWEs that, if addressed, can reduce the risk of exploitation.
The new report complements the OWASP TOP 10 (2021) and the CWE TOP 25 (2023) reports, giving another way to manage and prioritize risk according to industry standards.
Learn more by reading the documentation available here.