Related link: http://www.computerworld.com/printthis/2006/0,4814,107647,00.html

Do you think vulnerability management is fun? Me too! :-)

Here is a paper [OK, my paper…] about “common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.”

  • Scanning but failing to act
  • Thinking that patching is the same as vulnerability management
  • Believing that vulnerability management is only a technical problem
  • Assessing a vulnerability without looking at the whole picture
  • Being unprepared for the unknown - “zero-day exploits”