Software and hardware vulnerabilities continue to be one of the major areas of focus within organizational cybersecurity risk management programs. Addressing these challenges has multiple facets, many of which fall outside of any organizations ability to directly address them at scale. The complex web of standards, databases, law, and regulation has required the establishment of multiple organizations responsible for governance, promulgation, and delivery of critical vulnerability information on which nearly all organizations depend. Historically, consumers of vulnerability information have been largely underrepresented in these governing bodies, leaving critical decisions in the hands of stakeholders that lack the complete picture of how their decisions impact the day-to-day management of vulnerability risk for those that depend on what they are doing. The Vulnerability Management initiative will address the needs of a wide range of stakeholders across all sectors with the goal of ensuring that vulnerability management continues to evolve in ways that benefit all.
On September 13, the Coalition hosted its kickoff Vulnerability Management Workshop featuring speakers from across the spectrum who shared their thoughts on these important issues and discussed how stakeholders could most effectively engage to ensure that vulnerability-related policies and standards are rational and effective.