Relying on CVSS alone is risky for vulnerability management

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation. Additional context is required in order to allow for a more scalable and effective prioritization strategy. This context should stem from internal sources — aka the … More →

The post …

context cvss fact management prioritization remediation report rezilion risk score severity strategy survey vulnerabilities vulnerability vulnerability management vulnerability prioritization