A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying solely on a CVSS severity score to assess the risk of individual vulnerabilities was shown to be equivalent to randomly selecting vulnerabilities for remediation. Additional context is required in order to allow for a more scalable and effective prioritization strategy. This context should stem from internal sources — aka the … More

The post Relying on CVSS alone is risky for vulnerability management appeared first on Help Net Security.