The Vulnerability Crisis No One is Funding

Failed to add items

Sorry, we are unable to add the item because your shopping cart is already at capacity.

Add to basket failed.

Please try again later

Add to wishlist failed.

Please try again later

Remove from wishlist failed.

Please try again later

Adding to library failed

Please try again

Follow podcast failed

Unfollow podcast failed

The Vulnerability Crisis No One is Funding

Listen for free

View show details

Last week, I asked Philippe Langlois, principal author of the 2026 Verizon DBIR, a simple question: if an MSP could only focus on one thing this year, what should it be? His answer, without hesitation: "Vulnerability management."

That tracks, as this is the first year in DBIR history that vulnerability exploitation has overtaken stolen credentials as the top breach entry point, jumping from 20% to 31%. Meanwhile, median time-to-patch climbed from 32 to 43 days, and only 26% of known exploited vulnerabilities got fully remediated.

As most know, NIST just overhauled how the National Vulnerability Database operates, moving to a risk-based triage model after CVE submissions jumped 263% since 2020. Joining us to unpack it is Steve Carter, CEO and co-founder of Nucleus Security, who's spent over two decades in vulnerability management

No reviews yet