Why we misunderstand vulnerability management


Sometimes more information cuts both ways. Security teams run multiple vulnerability scanners to keep up with the growing variety of attack surfaces and the rising volume of software vulnerabilities.

But they are soon overwhelmed by the results, and the backlog of findings to fix keeps growing. This backlog has several negative effects. It slows down development, because fixing the findings takes time, while ignoring them piles up technical debt.

Many teams rely on outdated practices and limited data, and studies have shown that these do not reduce the risk to an organization’s attack surface. In fact, a recent analysis by RAND Corporation found no significant reduction in security breaches at organizations with mature vulnerability management programs.

There has to be a better way to handle vulnerability management, and I suggest rethinking it.

Too much noise, too few signals
The new path to vulnerability…