Our understanding of vulnerabilities and their impact on a *population* or systems is super immature, especially when it comes to operational technology that is 1) mission critical but also then 2) slow to change. (1/2)https://twitter.com/kennwhite/status/1217838723343273984 …
Unfortunately we don’t understand these statistics well. Last year I sponsored a DARPA Young Faculty Award on quantifying vulnerability longevity, but the truth is we need much more study. (Cyber ITL is also doing important related work in this space I think) 3/2