On 9 February 2026, SecurityWeek reports that Tod Beardsley, currently VP of Security Research at runZero, has written a paper titled KEVology to help security teams understand KEV and how best to use it. The piece notes that CISA’s KEV Catalog, known as the KEV list, now contains just over 1,500 vulnerabilities that have been exploited in the wild, and that the list is intended as a prioritisation signal for remediation rather than a comprehensive list.
According to CISA’s KEV Catalog, a vulnerability must meet four criteria to be included: it must have a CVE number, it must have been exploited, a patch must be available, and it must be relevant to US federal interests. The article also introduces KEV Collider, a web app launched by Beardsley on runZero, described as an interactive form of the paper to help users filter KEV entries by CVSS qualities, EPSS scores, or the existence of a Metasploit module or Nuclei template.
It emphasises that the enrichment approach blends multiple signals to aid defensible prioritisation as KEV continues to grow. According to the report, the aim is to align CISA’s recommendations with organisations’ security priorities and to reduce time spent solely on interpreting KEV-remediation instructions.