The above statements accurately summarize the contradiction between CISO’s perception of vulnerability management and the reality of its implementation. Undoubtedly vulnerability manage- ment is important. CISOs agree that there needs to be processes and resources in place to ensure the same. However, with 60% not patching their systems, the approach to vulnerability manage- ment seems to be more of a chore that needs to be performed rather than a well thought out strategy as it should be.

In this document we take a look at the common concerns and misconceptions that CISOs have regarding vulnerability management and address the same.