Vulnerabilities are being exploited faster than ever: opportunity in disguise

Source: DEV Community
The Zero Day Clock is now at 1.0 TTE (Time-to-Exploit), meaning vulnerabilities are being exploited within 1 day on average. 50% of vulnerabilities are exploited within 17 hours. Source: https://zerodayclock.com/

That's a crazy time for cybersecurity! On one hand, TTE is approaching zero; on the other, we are actively throttling dependency updates in our software because of the increased risk of supply-chain attacks (or, as PyPI puts it: we are no longer drinking from the firehose).

So we have three problems:

1. We need to patch CVEs faster, but unlike for attackers, moving fast is risky for us. One wrong patch or one wrong live patch can lead to downtime or lock out legitimate users. Unlike attackers, we have something to lose, and we have processes that we need to follow.
2. We need to slow down updates because of the increased risk of supply-chain attacks.
3. At the same time, the volume of new CVEs is increasing alarmingly.

This is an interesting dilemma. This is something that traditional pr