What is CISA’s Vulnerability Management Methodology?

Log4Shell, EternalBlue, Heartbleed—vulnerabilities played a central role in many severe and dramatic cyberattacks over the last decade. But the alarming nature of these events masks the constant challenges organizations face in effectively prioritizing and resolving the many other less headline-grabbing vulnerabilities they detect throughout the year. It’s in light of these challenges that the Cybersecurity and Infrastructure Security Agency (CISA) has stepped in with a new vulnerability management methodology—here’s the lowdown on it.

Why Vulnerability Management Must Evolve

It’s no secret that vulnerability management isn’t where it needs to be—flaws and weaknesses in systems and code continue to threaten cybersecurity at organizations of all sizes. One statistic that exemplifies the struggle: companies take an average of 60 days to patch critical vulnerabilities. That window is worrying because critical vulnerabilities often give an attacker a path to compromising systems or infrastructure at the admin (root) level and effectively seizing control of them.

Large companies struggle with the volume and sophistication of the vulnerabilities they encounter…
