We correlate OSINT data on exploits and crimeware with security test results of security tools to model the kill chain and how evade enterprise security detection.

We analyzed the patch development process of Microsoft and Apple from 2002 to 2007, using public vulnerability data to assess potential bias in vendor information.

Analyzing over 80,000 security advisories, we identified trends in zero-day exploits and measured the gap between exploit and patch availability.