macOS reduced its total vulnerability by 29 percent from 2022 to 2023. However, exploited vulnerabilities have increased by over 30 percent during the same period. Mike Walters, president and co-founder of Action1, emphasized the importance of their report, citing the delay in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data by the National Vulnerability Database (NVD). The goal of the report is to provide essential knowledge to key decision makers and to encourage them to prioritize their efforts in vulnerability monitoring using alternative approaches.

In response to the NVD crisis, it is vital for the cybersecurity community to share information and build stronger relationships among private cybersecurity firms, academic institutions, and other threat intelligence platforms. This collaborative effort aims to facilitate holistic and timely data sharing to enhance the security posture of all organizations. The report also highlights a high exploitation rate for NGINX (100 percent) and Citrix (57 percent). It notes an increased exploitability of MS Office, particularly critical vulnerabilities, which account for nearly 80 percent of the overall annual vulnerability count, with up to 50 percent being Remote Code Executions (RCEs).

In 2023, Microsoft saw its exploitation rate rise to seven percent, compared to two percent in 2022.