Vulnerability Management Guidance
A well-run vulnerability management program is critical for all organizations. As you've seen from the data and analysis in this chapter, a large number of vulnerabilities have been disclosed across the industry, and the volumes have been increasing, not decreasing. At the end of 2021, there were over 167,000 CVEs in the NVD. Attackers know this and understand how challenging it is for organizations to keep up with the volume and complexity of patching the various hardware and software products they have in their environments. Defenders have to be perfect, while attackers just have to be good or lucky once. Let me provide you with some recommendations regarding vulnerability management programs.
First, I cannot overstate the importance of asset management and its role in enabling effective vulnerability management, incident response, and many other aspects of IT management. If an organization doesn’t maintain an accurate inventory of IT assets, it...