Vulnerability Management Axioms

The article comes from here. I quoted part of it because it’s useful when we design vulnerability management tools.

To get anywhere with vulnerability management, Northcutt said there are five things to consider first:

  1. Vulnerabilities are the gateways through which threats are manifested.
  2. Vulnerability scans without remediation have little value.
  3. A little scanning and remediation is better than a lot of scanning and less remediation.
  4. Vulnerabilities in need of fixing must be prioritized based on which ones pose the most immediate risk to the network.
  5. Security practitioners need a process that will allow them to stay on the trail of vulnerabilities so the fixes can be more frequent and effective.