In this episode I sit down with my friend and Vulnerability Researcher Patrick Garrity of VulnCheck to do a roundup of the latest trends, analysis and insights into the vulnerability and exploitation ecosystem throughout the past year.
We covered a lot of great topics, including:
- The most notable vulnerability trends of 2025, including what has changed or stayed the same in the past year.
- Continued challenges around the NIST NVD and CVE, the sprawl of competing vulnerability databases and vulnerability identification schemes, challenges with funding, centralized vs. decentralized approaches and what the future holds.
- What the life of a vulnerability researcher looks like under the hood, including participating in coordinated vulnerability disclosure.
- Efforts from Patrick's team at VulnCheck, including their Known Exploited Vulnerability catalog, which covers gaps in the CISA KEV, as well as https://research.vulncheck.com, which provides excellent graphs and visualizations.
- Patrick's thoughts on what the vulnerability management landscape may look like in 2026.