It seems like all I hear about in the vulnerability space right now is prioritization. It is the blockchain of vulnerability management. Yet, prioritizing vulnerabilities does little, if anything at all, to solve the vulnerability management problem. I have spent close to a decade helping organizations with vulnerability management and I am starting to wonder why we talk about this subject so much. Maybe it is because those are the latest and greatest features being added to vulnerability management products and tools. Maybe it is because we are overwhelmed by the quantity of vulnerabilities in our environments. Or, maybe it is something we feel like we can actually accomplish that provides value when we don’t have control over the ultimate solution. Whatever the reason, I am not hearing about much else.
RSS