all InfoSec news
Relying on CVSS alone is risky for vulnerability management
Help Net Security www.helpnetsecurity.com
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation. Additional context is required in order to allow for a more scalable and effective prioritization strategy. This context should stem from internal sources — aka the … More
The post …
context cvss fact management prioritization remediation report rezilion risk score severity strategy survey vulnerabilities vulnerability vulnerability management vulnerability prioritization