New Data Tool Helps Orgs Prioritize Exploited Flaws Smarter

Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful

The KEV Collider, a new data tool, combines data from multiple open source vulnerability frameworks to help security teams quickly assess which issues are important, based on their priorities, with the goal of making the Known Exploited Vulnerabilities (KEV) Catalog more useful. Tod Beardsley, former section chief for the CISA KEV group and current vice president of security research at runZero, created the KEV Collider to address the disconnect between an organization’s cybersecurity needs and lists like CISA’s KEV Catalog.

Why This Matters

The KEV Catalog, published by the US Cyber and Infrastructure Security Agency (CISA), provides a short list of high-impact issues that need immediate attention, but its criteria may not match the cybersecurity priorities of most organizations, leading to wasted resources on low-severity, low-probability vulnerabilities. The KEV Collider aims to help companies better triage the KEV list by combining data from multiple sources, including the KEV Catalog, Common Vulnerability Scoring System (CVSS) scores, and Exploit Prediction Scoring System (EPSS) scores, to provide a more relevant and actionable list of vulnerabilities.

Key Insights

• Over 48,100 vulnerabilities were reported in 2025, a 21% increase from the previous year, highlighting the need for effective vulnerability management: https://www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
• The KEV Collider combines data from multiple open source vulnerability frameworks, including the KEV Catalog, CVSS, and EPSS, to help security teams prioritize vulnerabilities: https://github.com/runZero
• The Exploit Prediction Scoring System (EPSS) and the Likely Exploited Vulnerabilities (LEV) equation are alternative approaches to prioritizing vulnerabilities, but may not be as effective as the KEV Collider in providing a comprehensive and actionable list of vulnerabilities.

Working Example

import pandas as pd

# Load KEV Catalog data
kev_data = pd.read_csv('kev_catalog.csv')

# Load CVSS score data
cvss_data = pd.read_csv('cvss_scores.csv')

# Load EPSS score data
epss_data = pd.read_csv('epss_scores.csv')

# Merge data into a single dataframe
merged_data = pd.merge(kev_data, cvss_data, on='CVE')
merged_data = pd.merge(merged_data, epss_data, on='CVE')

# Filter data based on priority criteria
priority_data = merged_data[(merged_data['CVSS Score'] > 7) & (merged_data['EPSS Score'] > 0.5)]

# Print priority data
print(priority_data)

Practical Applications

• Use Case: The KEV Collider can be used by security teams to quickly assess which vulnerabilities need immediate attention, based on their priorities, and to provide a more comprehensive and actionable list of vulnerabilities.
• Pitfall: Failing to prioritize vulnerabilities effectively can lead to wasted resources on low-severity, low-probability vulnerabilities, and increased risk of exploitation.

References:

• https://www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
• https://github.com/runZero
• https://www.cisa.gov/known-exploited-vulnerabilities