Why Are We Still Obsessed With CVEs When Misconfigurations Cause Most Damage?

The author of the post highlights that in the field of bug bounty hunting and offensive security, successful attacks rarely depend on exotic CVEs. Instead, they often exploit misconfigurations such as exposed data, forgotten subdomains, S3 buckets with weak ACLs, and .git leaks. The author expresses concern about managing misconfigurations and asset discovery rather than chasing every patch.