Skip to main content

Cybersecurity Statistics

Security Intelligence

HomeTopicsVulnerability Management

Vulnerability Management

CVE trends, patch management statistics, vulnerability disclosure timelines, and remediation benchmarks.

Related Topics

Software Development3SBOM Validation2Critical Software Vulnerabilities2Compliance Controls2Critical Vulnerabilities2Critical Vulnerability Remediation2

Top Vendors

Black Duck9Cobalt6Prowler5Seemplicity3Optiv2CyberSheath1

Showing 1-20 of 26 results

60% of organizations that perform automatic continuous monitoring report remediating critical software vulnerabilities within a day.

Black Duck1/1/2026
Software DevelopmentAutomatic Continuous Monitoring

Only 45% of the full respondent pool say they remediate critical software vulnerabilities within a day.

Black Duck1/1/2026
Critical Software VulnerabilitiesCritical Software Vulnerability Remediation

49% of organizations using at least three compliance controls remediate critical vulnerabilities within a day.

Black Duck1/1/2026
Compliance ControlsCritical Vulnerabilities

63% of respondents that prioritize SBOM validation say they're highly prepared to evaluate third-party software.

Black Duck1/1/2026
Third-Party Software SecuritySoftware Supply Chain

Organizations that effectively track and manage open source dependencies are 85% more prepared to secure open source software compared to the overall average of 57%.

Black Duck1/1/2026
Open SourceSoftware Security

54% of organizations using at least four compliance controls remediate critical vulnerabilities within a day.

Black Duck1/1/2026
Compliance ControlsCritical Vulnerabilities

Only 24% of organizations have adopted comprehensive strategies to secure AI-generated code.

Black Duck1/1/2026
AI-Generated CodeSoftware Development

59% of respondents that prioritize SBOM validation typically respond to critical software vulnerabilities within one day.

Black Duck1/1/2026
SBOMSBOM Validation

76% of organizations check AI code for security risks.

Black Duck1/1/2026
AI CodeSoftware Development

79% of defense contractors lack vulnerability management solutions.

CyberSheath10/1/2025
CMMCSecurity tools

Top challenges in managing cloud vulnerabilities include Budget constraints (35%), Integrating vulnerability management with existing workflows (34%), and Lack of skilled personnel (32%).

Prowler6/4/2025
CloudVulnerabilities

46% of organisations still struggle with cloud vulnerability management.

Prowler6/4/2025
CloudVulnerabilities

Organisations detect an average of 17 vulnerabilities in their cloud environments per week.

Prowler6/4/2025
CloudVulnerabilities

67% of organisations conduct cloud vulnerability assessments monthly or more frequently.

Prowler6/4/2025
CloudVulnerabilities

96% of organisations conduct regular cloud vulnerability assessments.

Prowler6/4/2025
CloudVulnerabilities

34% of respondents report seeing significant improvements in vulnerability response time due to automation.

Optiv4/28/2025
AutomationVulnerabilities

74% of respondents identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.

Optiv4/28/2025
VulnerabilitiesVulnerability management

69% of the highest-risk (serious) vulnerabilities are resolved.

Cobalt4/14/2025
VulnerabilitiesVulnerability management

Since 2017, the median time to resolve serious vulnerabilities has decreased dramatically—from 112 days down to 37 days last year.

Cobalt4/14/2025
VulnerabilitiesVulnerability remediation

This represents a cut of 75 days, or two-thirds.

Cobalt4/14/2025
VulnerabilitiesVulnerability remediation