70% of Security Professionals Say Their Company’s Vulnerability Management Program is Somewhat Effective or Worse

NopSec, a leading risk-based vulnerability management platform, has released findings from its State of Vulnerability Management report.

The report surveyed 426 security professionals to better understand organizational vulnerability management and gain some insights into their day-to-day challenges, frustrations, and priorities.

Unremediated vulnerabilities are open doors that let malicious actors walk right through. Today, security teams are challenged enough by finding and shutting those open doors to keep their organization safe. Keeping track of those vulnerabilities and responding quickly and efficiently is one challenge—finding openings they might not even know about is another.

“The future of vulnerability management is risk-based. Yet I often see that, without a risk-based approach to prioritizing the ever-growing list of vulnerabilities, organizations leave themselves exposed,” said Lisa Xu, CEO of NopSec. “What this report found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think. I hope these insights will be helpful to security leaders as they evaluate and strengthen their vulnerability management program.”

Key findings include: 

  • 70% say their vulnerability management program (VMP) is only somewhat effective or worse.
  • 34% responded that their VMP was not very effective at all.
  • 53% of respondents said their organization does not consume third-party threat intel, like penetration tests, vulnerability disclosures, and IP or domain reputation scores.
  • 58% also do not use a risk-based rating system to prioritize vulnerabilities.
  • 62% of companies take 48 hours or longer (some more than two weeks) to patch known critical vulnerabilities.
  • 58% of companies that track the volume of vulnerabilities have seen them double, triple, or quadruple over the past 12 months.
