In this episode I sit down with my friend and Vulnerability Researcher Patrick Garrity πΎπΉπ of VulnCheck to do a roundup of the latest trends, analysis and insights into the vulnerability and exploitation ecosystem throughout the past year.
Interested in sponsoring an issue of Resilient Cyber?
This includes reaching over 40,000 subscribers, ranging from Developers, Engineers, Architects, CISOβs/Security Leaders and Business Executives
Reach out below!
Prefer to listen?
We covered a lot of great topics, including:
The most notable vulnerability trends over 2025, including what has changed, or stayed the same in the past year.
Continued challenges around the NIST NVD and CVE, the sprawl of competing vulnerability databases and vulnerability identification schemes, challenges with funding, centralized vs. decentralized approaches and what the future holds.
What the life of a vulnerability researcher looks like under the hood, including participating in coordinated vulnerability disclosure.
Efforts from Patrickβs team at VulnCheck, including their Known Exploited Vulnerability catalog, covering gaps from the CISA KEV, as well as https://research.vulncheck.com that provides excellent graphs and visualizations, such as the one below showing vulnerability exploitation timelines.
Patrickβs thoughts on what the vulnerability management landscape may look like in 2026.
