ITechnology Series News Security

70% of Security Professionals Say Their Company’s Vulnerability Management Program is Somewhat Effective or Worse

70% of Security Professionals Say Their Company's Vulnerability Management Program is Somewhat Effective or Worse

NopSec, a leading risk-based vulnerability management platform, has released findings from their State of Vulnerability Management report.

The report surveyed 426 security professionals to better understand organizational vulnerability management and gain some insights into their day-to-day challenges, frustrations, and priorities.

Unremediated vulnerabilities are open doors that let malicious actors walk right through. Today, security teams are challenged enough by finding and shutting those open doors to keep their organization safe. Keeping track of those vulnerabilities and responding quickly and efficiently is one challenge—finding openings they might not even know about is another.

ITechnology Cloud News: RangeForce Introduces New Version of Cloud-based Security Team Readiness Threat Exercises

“The future of vulnerability management is risk-based. Yet I often see that, without a risk-based approach to prioritizing the ever-growing list of vulnerabilities, organizations leave themselves exposed,” said Lisa Xu, CEO of NopSec. “What this report found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think. I hope these insights will be helpful to security leaders as they evaluate and strengthen their vulnerability management program.”

ITechnology Cloud News: Organizations Can Now Accelerate Journey to the Cloud with Amazon FSx for NetApp ONTAP and Datadobi StorageMAP

Key findings include: 

  • 70% say their vulnerability management program (VMP) is only somewhat effective or worse.
  • 34% responded that their VMP was not very effective at all.
  • 53% of respondents said their organization does not consume third-party threat intel, like penetration tests, vulnerability disclosures, and IP or domain reputation scores.
  • 58% also do not use a risk-based rating system to prioritize vulnerabilities.
  • 62% of companies take 48 hours or longer to remediate vulnerabilities —some more than two weeks—to patch known critical vulnerabilities.
  • 58% of companies that track the volume of vulnerabilities have seen them double, triple, or quadruple over the past 12 months.

ITechnology Cloud News: Accenture Announces Intent to Acquire XtremeEDA to Expand Silicon Design Capabilities in Canada and US

 [To share your insights with us, please write to]

Related posts

Cloud4C Expands Its Managed Cloud Services with Highly Secure SD-WAN Solution

ITech News Desk

IBM Welcomes LG Electronics to the IBM Quantum Network to Advance Industry Applications of Quantum Computing

ITech News Desk

Palo Alto Networks Positioned as a Leader in 2021 Gartner Magic Quadrant for WAN Edge Infrastructure

ITech News Desk

Leave a Comment