The lifecycle of vulnerabilities: why timing is everything

How vulnerabilities are discovered, disclosed and dispatched makes a significant difference to risk management. And new research says we’re getting it wrong. Mark Mayne investigates…

Vulnerability management is vital for security teams: the volume of vulnerabilities rises daily and organised gangs are actively seeking out and exploiting unpatched networks. 

While the vulnerability disclosure and management industry is maturing rapidly, with an increasing uptake of bug bounty services helping hugely alongside improvements in automated tools, recent research has found that key assumptions behind some of the fundamental strategies – such as responsible disclosure – have flaws. 

One of the key discoveries was that responsible disclosure of a vulnerability before a patch is ready does not have the desired effect: companies do not respond with a sense of urgency. On average, attackers gain a 47-day advantage over defence teams when investigators release an exploit ahead of a patch’s availability. 
