Has anyone seen any analysis of CVE:KEV ratios over time?
Further question, has anyone seen any analysis of optimal conditions where an LLM might reasonably be expected to find and exploit a vulnerability and what %age of CVE targeted software and KEV affected software meets that profile?
I actually have an interesting side quest in my head now... all the bugs I've ever reported are due to real world threats that need testing... now I wonder which products/projects I have tested are a) actually recognised and understood by the average LLM and b) for which source code or binaries are available.
@timb_machine Shouldn't be too hard to graph...
@timb_machine 141:1 -> 10000:1 (The Linux kernel after they became a CNA is an outlier and should not have been counted.)
One of my more academically minded friends pointed me at this:
https://www.redhat.com/en/blog/navigating-mythos-haunted-world-platform-security
I think I have an idea for my next research paper :)
I asked ChatGPT about treasury systems. I wasn't particularly specific on what I asked (why help it?) but it makes the case pretty well for me.
https://gist.github.com/timb-machine/daa99dba6c7570bac8cddf9215152489
A treasury-focused red team should prioritise:
* Identity > privilege escalation > financial action
* End-to-end transaction abuse (trades or payments)
* Cross-system inconsistencies
* Detection evasion
Not just:
* CVEs
* Generic web vulnerabilities