Why you don’t have to fix every vulnerability
Image by Thinkstock
The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.
To read this article in full or to leave a comment, please click here
Read more: Why you don’t have to fix every vulnerability
More antivirus and malware news?
- New products of the week 4.10.17
- Swift hopes daily reporting will help stem payment fraud
- Java Zero-Day In The Wild
- Jamf CEO: ‘Technology has become the entire employee experience’
- PoC Exploits Released for Unpatched Edge, IE Vulnerabilities
- Researchers Publish Details on Recent Critical Hyper-V Vulnerability
- Microsoft acknowledges "in the wild" Internet Explorer zero-day
- HITB+CyberWeek 2019 concludes with PROCTF showdown in Abu Dhabi
- Sowbug APT uses Felismus backdoor to for cyberespionage operations
- Twitter could be banned in the UK