Balancing cost and risk in software vulnerability management

In trying to pinpoint the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities, approaching the problem solely from a product or tools perspective looks at it through only one lens.

What is cost-effective is whatever meets the precise assurance requirements of the organisation – anything more, and you’re wasting vital resources; anything less, and you’re exposing the organisation to risk it’s not (theoretically) prepared to accept.

On that basis, a blended model of technical and business activities is most likely to answer both the cost-effectiveness and the practicality question. Only doing one type of assessment, or using one tool or process, will not provide the depth required to assure top…
