Vulnerability Management

Vulnerability management is a continuous set of proactive security practices designed to keep track of a computer system’s security status so that an organization can prevent attacks to systems before they occur.

Vulnerability management begins with regular automated vulnerability scanning and periodic application penetration testing. Taking these two steps will help organizations identify many potential exploits.

Once these vulnerabilities are identified, part of the vulnerability management program is categorizing and prioritizing vulnerabilities so that an organization can choose which vulnerabilities to fix. Almost no organization can realistically fix every known vulnerability in its system because of time and cost involved. Therefore, a very important part of vulnerability management is tracking known vulnerabilities over time and prioritizing them for fixing if the threat level warrants it. For example, current software systems are built using many different components. Each component can contain unique security complexities that require periodic patches as vulnerabilities are identified.

By regularly checking software systems for security vulnerabilities and keeping track of them over time, a good vulnerability management system can prevent security attacks and save an organization time and money it would spend in reacting to attacks after they happen.