Quantifying the Attacker’s First-Mover Advantage

Vulnerability assessments to effectively improve the Time to Assess

Published August 2018


This report measures the difference in days between when an exploit for a vulnerability becomes publicly available (Time to Exploit Availability) and when a vulnerability is first assessed (Time to Assess).


• 7 days: Attackers have a median seven-day window of opportunity to exploit a vulnerability before a defender is even aware they are vulnerable.

• 76%: 76 percent of analyzed vulnerabilities had a negative delta – meaning the attacker has the first-mover advantage.

• 34%: For 34 percent of the analyzed vulnerabilities, an exploit was available on the same day that the vulnerability was disclosed.

• 24%: A further point of concern is that 24 percent of analyzed vulnerabilities were being actively exploited by malware, ransomware or exploit kits in the wild.

• 75%: While improving the Time to Assess by 75 percent would result in a positive delta for 66 percent of the analyzed vulnerabilities, the rapid Time to Exploit Availability and its weaponization mean that defenders often start on the back foot and are challenged to gain the lead in the first move.
