Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Shifting from operational to risk-based response to vulnerabilities and exposures
Cyber Security: A Peer-Reviewed Journal,
8
(4),
361-374
(2025)
Abstract
Exploited vulnerabilities and zero-day exploits continue to increase in frequency and are expected to accelerate further. This paper evaluates the increase in exploited vulnerabilities and outlines the five most common challenges organisations encounter when remediating vulnerabilities quickly. By understanding the challenges organisations face, the paper identifies solutions and discusses improvements to help increase responsiveness and reduce exposure time. Some of the challenges are organisational and political. Others are more process and technical oriented. The proposed solutions include a combination of people, process and technology to improve organisations’ ability to respond to exploited or high-risk vulnerabilities in faster and more targeted ways, as opposed to trying to resolve all vulnerabilities. The paper proposes effective solutions organisations can use to improve their vulnerability remediation process and their ability to respond to exposures quickly, effectively and with measurable progress.
Keywords: zero-day exploit; risk-based remediation; vulnerability response; ring deployment; generative AI
The full article is available to subscribers to the journal.
Author's Biography
Chris Goettl is the Vice President of Product Management for risk and remediation products at Ivanti. Chris has over 20 years’ experience working with patch management and vulnerability management solutions. He is also a security evangelist speaking at security events globally where he gives guidance around modern cyber threats and how to combat them effectively. Chris hosts a monthly webinar focusing on Patch Tuesday and security vulnerabilities, and frequently blogs about security topics. You can find bylines and commentary from Chris in notable security news sources such as SC Magazine, Redmond Magazine, ComputerWorld, ThreatPost, Help Net Security and more.
