Skip to main content
HomeTopicsVulnerability Disclosure

Vulnerability Disclosure

Cybersecurity statistics about vulnerability disclosure

Showing 1-10 of 10 results

68 of 104 detected surge events preceded a vendor-matched CVE, spanning 33 vulnerabilities across 16 vendor families.

GreyNoise5/27/2026
Threat IntelligenceVendor Security

The median lead time of vendor-targeted surges before a matched vulnerability disclosure is 11 days.

GreyNoise5/27/2026
Threat Intelligence

49% of vendor-targeted surges begin within 10 days before the associated vulnerability disclosure.

GreyNoise5/27/2026
Threat Intelligence

78% of vendor-targeted surges begin within 21 days before the associated vulnerability disclosure.

GreyNoise5/27/2026
Threat Intelligence

SonicWall CVE-2026-0400 experienced six surges with lead times compressing from 37 days to 3 days and peak session volume reaching 69 times the median.

GreyNoise5/27/2026
Threat IntelligenceSonicWall

Fortinet CVE-2026-24858 provides one day of warning before disclosure.

GreyNoise5/27/2026
Threat IntelligenceCVE

Streamlining of responsible vulnerability disclosure grew by more than 40%.

Black Duck2/9/2026
Regulatory ComplianceApplication Security

85% of hackers believe reporting critical vulnerabilities is more important than making money.

Bugcrowd2/5/2026
Responsible DisclosureEthics

65% of hackers have chosen not to disclose vulnerabilities due to lack of clear reporting pathways.

Bugcrowd2/5/2026
Vulnerability ReportingOrganizational Security

The average time from vulnerability disclosure to patch deployment in operational technology environments exceeds 180 days, compared to 30 days for traditional IT systems.

Trellix11/22/2025
Operational technologyVulnerability disclosure