Slicing through CISA’s KEV Catalog

Who’s most at risk and who’s fastest at the fix

Explore a critical analysis of CISA’s Known Exploited Vulnerabilities (KEV) Catalog, brought to you by Bitsight’s TRACE security research team.

The report collects data from 1.4 million organizations globally and finds that over a third of organizations analyzed had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA's deadlines.

Download your copy to learn: 

  • What the KEV Catalog is and how it’s evolved
  • How prevalent are KEVs across the globe and which organizations are most affected
  • How fast are KEVs fixed—and how your organization measures up


"KEVs are one of the clearest signals of risk available, yet they often come as a surprise even to the most diligent of organizations. Remediation should be a top priority for any organization."
Ben Edwards

Ben Edwards
Principal Research Scientist