Gartner Blog Network

Category: 'vulnerability-management' Blog Posts

Considering Remediation Approaches For Vulnerability Prioritization

by Augusto Barros  |  May 2, 2019

As Anton said, we are starting our work on vulnerability management this year. One of the points I've started to look at more carefully is how much the different patching...

Upcoming Vulnerability Management Research

by Anton Chuvakin  |  May 2, 2019

Given the long lead times for Vendor Briefings, here is our pre-announcement. Short summary: vulnerability management research is coming! Again! Our AAA all-star team (that is Augusto, Anna and me)...

Does Vulnerability Assessment Even Matter?

by Anton Chuvakin  |  August 22, 2018

A few days ago I met somebody who holds a fairly fatalistic view of Vulnerability Assessment (VA) and, to a lesser extent, broader Vulnerability Management (VM) as well. In fact,...

We Scan and We Patch, but We Don’t Do Vulnerability Management

by Anton Chuvakin  |  May 14, 2018

Lately, we’ve been flooded with calls about vulnerability management (VM). Many of the calls seem to be from organizations of medium to low security operations maturity, that are just starting...

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place for a "virtual patch analyst"? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest...

All My Research Published in 2017

by Anton Chuvakin  |  December 28, 2017

To make it easy for the readers to find my research, here is the list of everything I published in 2017 [most co-authored with Augusto Barros]. Gartner GTP access is...

Our new Vulnerability Assessment Tools Comparison is out!

by Augusto Barros  |  August 2, 2017

Vulnerability assessment is usually seen as a boring topic and most people think the scanners are all equal - reaching the "commodity" status. Well, for basic scanning capabilities, that's certainly...

Update to our Vulnerability Management Guidance Doc

by Augusto Barros  |  June 22, 2017

Our updated Vulnerability Management Guidance document has just been published. It is a refinement to the guidance framework we created a couple of years ago. The focus on this one...

WannaCry or Useful Reminders of the Realities of Vulnerability Management

by Anton Chuvakin  |  May 18, 2017

WannaCry whatever. Not that I am keyword trawling, but this recent Windows XP/NSA/North Korea/ransomware/bitcoin/OMG drama made me think about good old vulnerability management again – especially given that it is...

Paper on Pentesting and Red Teams is OUT!

by Augusto Barros  |  April 18, 2017

As anticipated here, my short paper on pentesting and red teams is finally out. It was a fun paper to write as it follows a new model for us, GTP...
