Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management
2019-06-28 - Admin Sysware
We wondered whether mainstream media coverage of vulnerabilities changed how companies perform vulnerability management. So we asked them. Here’s what we learned.
Our key findings were that:
- High-profile vulnerabilities are not just a concern for security teams. These vulnerabilities, whether or not technically critical, can pose serious reputational risks and require relationship management with customers, partners, regulators and other key stakeholders.
- Media coverage is not an objective metric for determining the true criticality of a vulnerability, particularly in the context of a specific enterprise. The role of the media is to investigate and report on stories, not conduct risk analysis.
- However, media coverage may still influence holistic risk evaluations. While security teams are aware that media coverage is not an ideal measure of technical risk, they need to discuss their risk evaluation process with others.
- Part of the role of a security team is to manage perceived risk and to advise key stakeholders, especially senior decision-makers, and enable a measured response to vulnerabilities based on contextualization, rather than hype.
Learn more: https://www.tenable.com/blog/stop-the-presses-media-coverage-as-a-prioritization-metric-for-vulnerability-management