Vulnerability management continues to be a big challenge for organizations.
Under a new binding operational directive (BOD), CISA has developed a catalog of known, exploited vulnerabilities that federal agencies must address.
Google Project Zero's recent tweaking of its vulnerability disclosure window reflects how researchers are taking patch adoption into account when mulling disclosure policies.
On the heels of a September mandate from CISA, 90 percent of cabinet-level agencies have now published a vulnerability-disclosure policy (VDP).
Enterprises are patching more high-risk vulnerabilities faster now than just a year ago, new data from Kenna Security shows.