Richard Thomas of the University of Birmingham and Joseph Gardiner of the Bristol Cyber Security Group, University of Bristol, discuss their recently published paper: "Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructures." The paper examines how long ICS and OT vulnerabilities are in the wild before being discovered, and also shortcomings in ICS-related CVEs, which are often the first touch organizations have with vulnerabilities on their networks.  Learn how long vulnerabilities are present before they're uncovered, and exactly what the gap is between CVE information and the details about affected products. The researchers also share recommendations for suggested improvements.