There’s no other way to state it: Existing vulnerability management processes are broken. Current vulnerability management paradigms are not keeping up with threats. Attacks similar to WannaCry and Petya, which exploited the Eternal Blue vulnerability, could happen again at any time.
According to CVE Details, the number of vulnerabilities reported to date in 2018 (6559) already tops the total number of vulnerabilities reported in all of 2016 (6447). If nothing dramatic changes, the list seems on track to at least match last year’s record of over 14,600 reported vulnerabilities, if not to top it.