When Time Turns Against You: Understanding Negative TTE
The speed at which bad actors exploit vulnerabilities has rendered waiting for vendor patches an ineffective strategy.
Modern defense now focuses on resilience, containment, rapid detection and response, and recovery. The window between vulnerability disclosure and exploitation has not only closed but reversed, with attackers weaponizing flaws before patches exist.
A notable shift occurred between 2019 and 2023. In 2019, there was an estimated 63-day "safe window" for patching before threat actors began exploiting disclosed vulnerabilities. However, according to a Mandiant analysis, 70% of exploited vulnerabilities in 2023 were zero-day exploits, with the average time to exploit (TTE) dropping sharply to about 5 days.
70% of exploited vulnerabilities in 2023 were zero-day exploits, and the average time to exploit (TTE) had dropped sharply to about 5 days.
Author's summary: Cyber resilience is key as attackers exploit vulnerabilities faster.