Security News > 2022 > May > That critical vulnerability might not be the first you should patch
Enterprise security teams being overrun by the rising numbers of vulnerabilities uncovered each day could vastly reduce their patching workload by changing how they prioritize the flaws, according to recent research from vulnerability startup Rezilion.
Companies will start their remediation efforts with the vulnerabilities deemed "Critical" and work their way down, said Yotam Perkal, director of vulnerability research with Rezilion.
In a study released this week, Rezilion found that about 85 percent of the vulnerabilities are not loaded into memory at these organizations, Perkal told The Register.
"If traditional vulnerability management approaches were used, one would spend upward of 85 percent of patching time and efforts on vulnerabilities that posed no actual risk to the environment."
"Organizations have limited resources and limited capacity to deal with vulnerability management and patch management," Perkal said.
"If you have 1,000 vulnerabilities, focus on the 200 that are actually loaded to memory," Perkal said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/30/rezilion-vulnerability-patching/
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)