Deciding which vulnerabilities to remediate is a daunting task. In a perfect world, all vulnerabilities would be remediated as discovered. But unfortunately, that doesn’t happen in the real world. Reality necessitates prioritization, but how can we measure the quality of prioritization?
There are a number of remediation strategies out there to help organizations prioritize their vulnerability remediation efforts. Kenna Security and the Cyentia Institute studied the effectiveness of several. This paper provides a snapshot of the findings and details how remediation based on a predictive model came out ahead.