
The enemy of vulnerability management? Unrealistic expectations
2022-07-13 03:30

As an experienced vulnerability management professional and a former system administrator who specialized in patching and remediated 800,000 vulnerabilities over the course of my career, I can offer some realistic perspective on this topic.

One recurring discussion I've had is how long it takes for a new vulnerability to get exploited.

In some cases, active exploits exist before the vulnerability becomes public knowledge.

While predicting exactly how long it will be before a given vulnerability is exploited is not practical at present, the EPSS (Exploit Prediction Scoring System) model can estimate the probability that a vulnerability will be exploited in the wild within a fixed window. The original model predicted exploitation within the next 12 months; the current version (EPSS v2) predicts the next 30 days.

While you cannot tell whether a vulnerability will be exploited in 30 days versus 180 days, it does stand to reason that a vulnerability with an EPSS score of 0.99 (a 99% probability of exploitation within the model's window) will probably be exploited sooner than one with an EPSS score of 0.11. EPSS scores are probabilities, not timelines; what they support is relative prioritization of a backlog, not a patch deadline.
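The following is an added example, not code from the article or from the EPSS project, of what "relative prioritization" looks like in practice: ranking a backlog by EPSS probability instead of CVSS severity, and scoring the two orderings with the coverage and efficiency measures used in EPSS evaluation. The CVE-style identifiers, CVSS values, EPSS values and the hindsight "exploited" flags are constructed sample data (placeholders, not real CVEs or real scores); in a real deployment the EPSS values would come from the FIRST EPSS API.

```python
"""Added example: CVSS-first vs EPSS-first remediation ordering on a constructed backlog.

EPSS scores are probabilities in [0, 1] that a vulnerability is exploited within the
model's window. Treating them as independent, their sum is the expected number of
backlog items that will see exploitation, which is a useful sanity check on a queue.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    cve: str          # placeholder id, not a real CVE
    cvss: float       # CVSS base score, 0-10 (severity, not likelihood)
    epss: float       # EPSS probability, 0-1 (likelihood, not severity)
    exploited: bool   # hindsight label, used only to evaluate an ordering


# Constructed sample backlog. Note the high-CVSS items with tiny EPSS and the
# mid-CVSS items with high EPSS; this mismatch is what EPSS is meant to surface.
BACKLOG: List[Finding] = [
    Finding("CVE-0000-0001", 9.8, 0.02, False),
    Finding("CVE-0000-0002", 9.1, 0.97, True),
    Finding("CVE-0000-0003", 7.5, 0.88, True),
    Finding("CVE-0000-0004", 8.8, 0.01, False),
    Finding("CVE-0000-0005", 5.3, 0.11, False),
    Finding("CVE-0000-0006", 10.0, 0.05, False),
    Finding("CVE-0000-0007", 6.5, 0.64, True),
    Finding("CVE-0000-0008", 7.2, 0.03, False),
]


def rank_by_cvss(findings: List[Finding]) -> List[Finding]:
    """Severity-first ordering: the traditional 'patch the 9s and 10s' queue."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def rank_by_epss(findings: List[Finding]) -> List[Finding]:
    """Likelihood-first ordering: highest exploitation probability first."""
    return sorted(findings, key=lambda f: f.epss, reverse=True)


def expected_exploited(findings: List[Finding]) -> float:
    """Expected number of findings exploited within the EPSS window,
    treating each score as an independent probability."""
    return sum(f.epss for f in findings)


def coverage_and_efficiency(ordered: List[Finding], budget: int) -> Tuple[float, float]:
    """Score the decision 'patch the first `budget` items of `ordered`'.

    coverage   = exploited vulns patched / all exploited vulns  (how much risk you removed)
    efficiency = exploited vulns patched / vulns patched        (how little effort you wasted)
    """
    patched = ordered[:budget]
    total_exploited = sum(1 for f in ordered if f.exploited)
    hits = sum(1 for f in patched if f.exploited)
    coverage = hits / total_exploited if total_exploited else 0.0
    efficiency = hits / len(patched) if patched else 0.0
    return coverage, efficiency


if __name__ == "__main__":
    budget = 3  # assume the team can only remediate three items this cycle
    print(f"expected exploited in backlog: {expected_exploited(BACKLOG):.2f}")
    for name, ranker in (("CVSS-first", rank_by_cvss), ("EPSS-first", rank_by_epss)):
        ordered = ranker(BACKLOG)
        cov, eff = coverage_and_efficiency(ordered, budget)
        queue = ", ".join(f.cve for f in ordered[:budget])
        print(f"{name}: patch [{queue}] -> coverage {cov:.2f}, efficiency {eff:.2f}")
```

With a budget of three patches, the CVSS-first queue spends two of its three slots on items that were never exploited, while the EPSS-first queue catches all three exploited items. The example does not say when those three will be exploited, which is the author's point: the score justifies the ordering, not a deadline.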

The main enemy of vulnerability management is not attackers, but unrealistic expectations.


News URL

https://www.helpnetsecurity.com/2022/07/13/vulnerability-management-expectations/