2,740 / 3,460
patched vs. new, per quarter
You measure activity, not risk
You scan, you patch, and still the list grows: more arrives each quarter than you clear. The number of patched vulnerabilities shows how much work you get through, not whether real risk has gone down.
Illustrative, organisation with ~3,000 systems.