Don’t Wait To Embrace CISA’s Vulnerability Management Rules


Vulnerability management is the time-consuming process of finding and patching a seemingly unlimited number of potential risks. The National Institute of Standards and Technology (NIST) reports more than 23,000 new vulnerabilities for 2022, of which more than 17,000 are classified as critical. For many organizations, simply prioritizing vulnerabilities becomes a monumental task on its own. The resulting backlog makes an attractive target for threat actors, who strike before fixes roll out.


A recent study revealed that more than half of the organizations surveyed reported having more than 100,000 vulnerabilities sitting in backlogs. Together, these organizations reported a whopping 1.1 million backlogged vulnerabilities. Weak prioritization, a lack of effective tools and insufficient detailed information about each risk all contributed to the massive backlogs that accumulated.


How can organizations stay ahead of this tidal wave of backlogged vulnerabilities? A new Cybersecurity and Infrastructure Security Agency (CISA) initiative may hold some of the answers.


CISA Proposes a New Approach


NIST recently released its National Vulnerability Database statistics for 2022. Interestingly, the share of severe vulnerabilities dropped in 2022 compared with 2021, but this doesn't mean vulnerabilities are any less of a threat. New risks will continue to spring up for as long as hardware and software run important systems. Balancing time between addressing severe and lesser vulnerabilities will always be a challenge.


This November, CISA announced a new initiative to transform vulnerability management. The agency is introducing a standardized approach to help shorten the time required for vendors to ..
