Gartner Blog Network

Category: 'vulnerability-management' Blog Posts

The New Vulnerability Management Guidance Framework

by Augusto Barros  |  October 25, 2019

After a huge delay I can finally announce that the new version of our Vulnerability Management Guidance Framework is out! Although it is a refresh of a document that has...

Vulnerability Management in DevOps-style IT?

by Anton Chuvakin  |  June 4, 2019

As we mentioned here, the team (primarily Augusto and Anna, really) have started a project related to vulnerability management (VM) in “modern” (emerging, new, novel – the term matters not...

Is Vulnerability Management Hopeless?

by Anton Chuvakin  |  May 29, 2019

As card-carrying “cyber” security professionals, we have a compulsion to share and revel in depressing news, at least once in a while. Here is my contribution today: is vulnerability management...

Considering Remediation Approaches For Vulnerability Prioritization

by Augusto Barros  |  May 2, 2019

As Anton said, we are starting our work on vulnerability management this year. One of the points I've started to look at more carefully is how much the different patching...

Upcoming Vulnerability Management Research

by Anton Chuvakin  |  May 2, 2019

Given the long lead times for Vendor Briefings, here is our pre-announcement. Short summary: vulnerability management research is coming! Again! Our AAA all-star team (that is Augusto, Anna and me)...

Does Vulnerability Assessment Even Matter?

by Anton Chuvakin  |  August 22, 2018

A few days ago I met somebody who holds a fairly fatalistic view of Vulnerability Assessment (VA) and, to a lesser extent, broader Vulnerability Management (VM) as well. In fact,...

We Scan and We Patch, but We Don’t Do Vulnerability Management

by Anton Chuvakin  |  May 14, 2018

Lately, we’ve been flooded with calls about vulnerability management (VM). Many of the calls seem to be from organizations of medium to low security operations maturity, that are just starting...

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place for a "virtual patch analyst"? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest...

All My Research Published in 2017

by Anton Chuvakin  |  December 28, 2017

To make it easy for the readers to find my research, here is the list of everything I published in 2017 [most co-authored with Augusto Barros]. Gartner GTP access is...

Our new Vulnerability Assessment Tools Comparison is out!

by Augusto Barros  |  August 2, 2017

Vulnerability assessment is usually seen as a boring topic and most people think the scanners are all equal - reaching the "commodity" status. Well, for basic scanning capabilities, that's certainly...
