Risk-based vulnerability management has produced demonstrable results
2021-05-03 05:30

The data shows that risk-based vulnerability management programs allow companies to get measurably better results with less work.

In no cybersecurity discipline was this disparity more glaring than in the field of vulnerability management.

Risk-based vulnerability management doesn't ask "How do we fix everything?" It merely asks, "What do we actually need to fix?" A series of research reports from the Cyentia Institute has answered that question in a number of ways, finding, for example, that attackers are more likely to develop exploits for some vulnerabilities than others.

Strategies like patching every vulnerability with a CVSS score above 7 were no better than chance at reducing risk.

Companies start vulnerability management programs with massive backlogs of vulnerabilities, and the number of vulnerabilities only grows each year.

We can now say that, when it comes to vulnerability management - a complex, yet fundamental cybersecurity discipline - the risk-based approach has produced clear results.