A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation. Additional context is required in order to allow for a more scalable and effective prioritization strategy. This context should stem from internal sources — aka the … More
The post Relying on CVSS alone is risky for vulnerability management appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: