CyberNews Briefs

The patching paradox: vulnerability scoring leads to slower high-risk remediation

New research by Kenna Security confirms that vulnerabilities are patched faster in firms that have a mature vulnerability management program. While this is hardly surprising, the study also reveals that in the context of patch management, paying too much attention to the Common Vulnerability Scoring System (CVSS) may actually result in longer remediation times for critical vulnerabilities. This is because CVSS scores may not adequately reflect the real-world risk of certain flaws for a specific environment.

Similarly, the study found that organizations that prioritized compliance over security “tended to struggle to patch all high-risk vulnerabilities across their organisation.”


OODA Analyst
