Security News > 2022 > July > The enemy of vulnerability management? Unrealistic expectations
As an experienced vulnerability management professional and a former system administrator who specialized in patching and remediated 800,000 vulnerabilities over the course of my career, I can offer some realistic perspective on this topic.
One reoccurring discussion I've had is how long it takes for a new vulnerability to get exploited.
In some cases, active exploits exist before the vulnerability becomes public knowledge.
While predicting how long it will be before a vulnerability will be exploited is not practical at the present time, the EPSS model can help to predict the likelihood of a vulnerability being exploited within the next 12 months.
While you cannot tell if a vulnerability will be exploited in 30 days versus 180 days, it does stand to reason that a vulnerability with an EPSS score of 99 out of 100 will probably be exploited sooner than a vulnerability with an EPSS score of 11 out of 100.
The main enemy of vulnerability management is not attackers, but unrealistic expectations.
News URL
https://www.helpnetsecurity.com/2022/07/13/vulnerability-management-expectations/
Related news
- Top Vulnerability Management Tools: Reviews & Comparisons 2024 (source)
- Setting a security standard: From vulnerability to exposure management (source)
- The effect of compliance requirements on vulnerability management strategies (source)
- Want to Grow Vulnerability Management into Exposure Management? Start Here! (source)