How CISA's List Of 'Must-Patch' Vulnerabilities Has Expanded In Both Size, And In Who's Using It
Cyberscoop, June 9th, 2022
June 19, 2022,
Volume 291, Issue 3
When the Cybersecurity and Infrastructure Security Agency debuted its list of known, exploited vulnerabilities in November, it was nearly 300 flaws long and came attached to an order for federal agencies to fix them quickly.
Tim Starks writes in Cyberscoop,
"Now, as of this week, the catalog known as 'KEV' or the 'Must-Patch' list is well on its way to 800 listings, and it's the 'No. 1 topic' that CISA Executive Director for Cybersecurity Eric Goldstein says comes up in his frequent, daily meetings with businesses.
The reason, said Goldstein, is that the private sector has - without any order from his agency - adopted the KEV list as a guide for the vulnerabilities they focus on, rather than relying on the traditional open-source industry standard Common Vulnerability Scoring System for assessing the severity of software weaknesses..."
Read More ...