Great Patching Lessons To Learn From The Zero Day Clock
KnowBe4, March 26, 2026
I just came across the Zero Day Clock, and I love it. Everyone should go there, see the stats, see the trends, and figure out what that means for your ongoing and future patch management plans.
- Most exploited vulnerabilities are zero-days
- Less than 2% of publicly known vulnerabilities are ever exploited
- Time from public disclosure to first exploitation is less than two days and falling
- AI will make these facts even worse
- Defenders need to update their patch management strategy and process to account for how vulnerabilities are actually exploited
The Zero Day Clock has super important statistics everyone should know and commit to memory. It has four charts that speak to the importance of vulnerabilities, patching, and the decreasing time to patch. I will cover three of the four charts below (but in a different order than the site lists them).