Gartner Blog Network

Category: 'vulnerability-management' Blog Posts

The New Vulnerability Management Guidance Framework

by Augusto Barros  |  October 25, 2019

After a huge delay I can finally announce that the new version of our Vulnerability Management Guidance Framework is out! Although it is a refresh of a document that has...

Comments: 8

Vulnerability Management in DevOps-style IT?

by Anton Chuvakin  |  June 4, 2019

As we mentioned here, the team (primarily Augusto and Anna, really) have started a project related to vulnerability management (VM) in “modern” (emerging, new, novel – the term matters not...

Comments: 5

Is Vulnerability Management Hopeless?

by Anton Chuvakin  |  May 29, 2019

As card-carrying “cyber” security professionals, we have a compulsion to share and revel in depressing news, at least once in a while. Here is my contribution today: is vulnerability management...

Considering Remediation Approaches For Vulnerability Prioritization

by Augusto Barros  |  May 2, 2019

As Anton said, we are starting our work on vulnerability management this year. One of the points I've started to look at more carefully is how much the different patching...

Upcoming Vulnerability Management Research

by Anton Chuvakin  |  May 2, 2019

Given the long lead times for Vendor Briefings, here is our pre-announcement. Short summary: vulnerability management research is coming! Again! Our AAA all-star team (that is Augusto, Anna and me)...

Comments: 2

Does Vulnerability Assessment Even Matter?

by Anton Chuvakin  |  August 22, 2018

A few days ago I met somebody who holds a fairly fatalistic view of Vulnerability Assessment (VA) and, to a lesser extent, broader Vulnerability Management (VM) as well. In fact,...

Comments: 6

We Scan and We Patch, but We Don’t Do Vulnerability Management

by Anton Chuvakin  |  May 14, 2018

Lately, we’ve been flooded with calls about vulnerability management (VM). Many of the calls seem to be from organizations of medium to low security operations maturity, that are just starting...

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place for a "virtual patch analyst"? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest...
