A study by Red Hat showed that 36% of software in use at surveyed organizations was open source. Automated vulnerability reports generated by scanning tools are returning hundreds, if not thousands, of vulnerabilities. With organizations reporting a lack of skilled cybersecurity professionals, teams are already stretched too thin to fix each one. Exploitability is a much more important benchmark for triage, the authors say: developers should prioritize vulnerabilities by the potential path to exploitation that each one offers.
Source: https://www.helpnetsecurity.com/2021/02/10/vulnerability-triage/