For Effective Patch Management, Don’t Overlook Risk

Patch management has always been an evergreen topic for security practitioners. Each time poor patching is identified as the root cause of a breach, it triggers a new flood of opinions on the countless dos and don’ts of triaging common vulnerabilities and exposures (CVEs), understanding criticality scores, and deploying patches. Often left out of the conversation, however, is an especially crucial variable: risk.