CISA KEV Categorized Interactive Visualization

Before creating the data visualization, I categorized all the CISA KEV entries based on their respective technology domains. The resulting categories are as follows:

• Operating System – 235 entries
• Network – 182 entries
• Browser – 96 entries
• Productivity Software – 66 entries
• Development Platform – 65 entries
• Open Source Software – 51 entries
• Email – 34 entries
• Mobile Devices – 32 entries
• Browser Plug-in – 31 entries
• Content Management System – 23 entries
• Virtualization – 20 entries
• Security Tool – 19 entries
• Compute Hardware – 17 entries
• File Transfer – 16 entries
• Identity – 16 entries
• Network Storage – 13 entries
• Data – 12 entries
• Collaboration Platform – 11 entries
• Other – 8 entries
• CRM (Customer Relationship Management) – 7 entries
• Configuration Management – 7 entries
• Industrial Control System – 7 entries
• Backup – 5 entries
• Remote Management – 3 entries

The Zoomable Circle Packing Chart:
The resultant data visualization showcases a zoomable circle packing chart, providing users with a seamless exploration experience. By interacting with the chart, users can explore the number of KEV entries attributed to each technology category and further drill down to view the specific vendors and products impacted.

Key Findings:
The data visualization yielded compelling insights, underscoring the significance of comprehending the technology categories that are most common in CISA KEV. Notably, the following four technology domains accounted for a substantial 59% of all KEV entries:

• Operating System
• Network
• Browser
• Productivity Software

These findings emphasize the critical role these technology areas play and help us understanding where we should consider focusing on implementing strong vulnerability management practices to help reduce an organizations risk.