C-Suite On Deck
Keep me plugged in with the best
Join thousands of your peers and receive our weekly newsletter with the latest news, industry events, customer insights, and market intelligence.
I agree to the
terms of service
PLEASE CORRECT THE FOLLOWING:
Please Enter Some Keywords
Vulnerability Management Metrics: The Final Frontier
Operational Vulnerability Reports. An alarming yet common trend among organizations is to run a report that contains all the vulnerabilities under a particular system-owner and send them a very large report. Some organizations have matured beyond this point to provide reports that include everything with a “High” score. The main question then becomes: what defines a high-scoring vulnerability? To answer this, security analysts have typically said anything that is a CVSS 7 or above should be remediated. The PCI compliance standard, for example, says that a CVSS score of 7.0-10.0 is High, 4.0-6.9 is Medium, and 0.0 to 3.9 is Low. In common practice, system administrators have said that there are far too many vulnerabilities that are a CVSS score of 10 and above to remediate within a reasonable time frame. Depending on the organization, system administrators are committed to remediating anywhere from one to ten vulnerabilities per month. So the first question they pose to the security analysts is: which of these CVSS 10 scoring vulnerabilities is the most severe? Vulnerability Management Risk Scoring.
I'm for real
Enter your email once to access all our information and resources.
(Your email address is required so we know you're a real person)
By downloading this content, you give permission for your contact information to be shared with the content provider who may contact you in regards to the content.