In search of a best practice for prioritization, we decided to look at the dilemma from an additional angle: the hacker community.
We joined forces with CYR3CON, a company that specializes in predicting cyber-attacks based on AI gathered from various hacker communities including the dark web and the deep web. CYR3CON’s CyRating™ takes factors like discussions in hacker communities, availability of exploits, and exploitation of similar vulnerabilities into account.
It captures all information in a single metric, as it is designed to communicate how many times more likely a vulnerability is to be exploited than average.
Cross-referencing the data about the most common open source vulnerabilities in 2019 and CYR3CON’s CyRating helped us examine how we should prioritize vulnerabilities from the perspective of hackers.