Why you don’t have to fix every vulnerability

The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally, because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on the associated threats and the value of the asset at risk. For example, a lock on a 20th-floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would make the effort to reach such an inaccessible place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.