Only 5.5% of all vulnerabilities are ever exploited in the wild
Only a rather small number of discovered security vulnerabilities are actually exploited by threat actors, new research shows. Of the 76,000 flaws that were found between 2009 and 2018, only 4,183 (5.5%) were exploited in real world cyber attacks.
Interestingly, the researchers found no connection between the publication of proof-of-concept (PoC) exploit code for a certain flaw and the beginning of attack campaigns exploiting that vulnerability. PoC code was available for just half of the 4,183 vulnerabilities that were exploited, meaning that the attackers developed their own exploit code. A less surprising finding is that high severity flaws are exploited more often than less serious vulnerabilities.