The Effect Of Compliance Requirements On Vulnerability Management Strategies
HelpNet Security, Friday, November 29th, 2024
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays.
Why do you think challenges like prioritizing vulnerabilities and patching delays persist despite technological advances?
The increasing complexity of enterprise infrastructure, expanding attack surface, and improved vulnerability and exposure detection capabilities have all led to a drastic increase in the volume of findings that must be triaged.
For example, we are nearing a quarter of a million published CVEs at a 16 percent annual growth rate. Most organizations are not adequately staffed, nor do they have the appropriate technologies, to respond to the continuous stream of vulnerabilities. In many ways, it's a numbers game, and security teams simply cannot keep up.