“Claude Mythos is a supply code reviewer and it doesn’t actively exploit vulnerabilities within the wild. Whereas the mannequin is highly effective and will flip up flaws quicker, forcing IT groups to reply extra quickly will solely result in poorly-tested stopgaps and trigger additional issues down the road.”
One other skilled questioned whether or not businesses even totally understood their publicity. “Three days is the incorrect query. What you’re actually asking is whether or not businesses can discover each system they personal, know each dependency, and produce proof that the patch landed. Most can’t, whether or not it’s day 3 or day 30,” commented Mit Patel, founder and CEO of MSP steady verification firm, Assurix.
Patel continued: “CISA’s been working accelerated timelines since 2021, by way of KEV and BOD 22-01. The 14-day default already will get compressed for the worst CVEs. Going to 3 days as normal is a tighter model of one thing we already do. Companies that hit 14 days reliably will in all probability hit three days. Companies that miss 14 days will miss three days by the identical margin.”
