Responding to Emerging Threats Amidst the Shitpile of Vulnerability Debt

Presented at GrrCON 2025 by

Emerging threats continue to grow at an increasing rate, and defenders are stuck trying to prioritize what matters amidst an overwhelming shitpile of vulnerability debt. This talk examines the stark differences between urgent, emerging threats, including actively exploited vulnerabilities, and the long tail of unresolved legacy issues that often paralyze security teams. We’ll dive deep into the exploitation trends shaping 2025: the rising velocity of exploited vulnerabilities, key affected product categories, and the shifting threat landscape. From internet-facing systems to end-user interactions and remotely exploitable flaws, I’ll cover what needs rapid response. At the same time, we can’t ignore vulnerability debt. I’ll outline strategies for understanding its root causes, improving patch management, implementing best practices, and systematically reducing attack surface by pruning unused and end-of-life assets. You’ll walk away with ideas on how to separate the real fires from the smoldering piles, allowing you to respond faster to emerging threats without being buried alive by your shitpile of vulnerability debt.