1、SurveySANS Vulnerability Management Survey 2022Written by David HazarOctober 20222022 SANS Institute2SANS Vulnerability Management Survey 2022Executive SummaryThe way companies build and deploy applications and services is evolving and the use of cloud,containers,and remote workers has continued to

2、expand at a rapid pace.We are also increasingly relying on third-party software and libraries.Although these changes have resulted in increased options for identifying,tracking,and remediating vulnerabilities,security organizations must be actively involved in these changes in order to effectively e

3、valuate and implement a vulnerability management(VM)program tailored to their organizations operations.VM continues to be a struggle for many organizations.Although we are seeing improvements in maturity year over year,we see many companies struggling with backlogs of vulnerabilities they cannot fix

4、and a growing number of vulnerabilities they are not even responsible for fixing.These vulnerabilities may require their vendors or the open-source community to provide or implement the fix.VM programs spend a good deal of time identifying and communicating vulnerability details,yet sometimes the en

5、d goal of these activitiesto help the technology organizations prioritize and treat or remediate the identified vulnerabilitiesis overlooked.Do we have a vulnerability management problem or a technology management problem?We should all be asking ourselves this question as we evaluate what we need to

6、 do to succeed in managing vulnerabilities and reducing risk for our respective organizations.Only by digging into the details to identify existing problems and starting to analyze how to solve them can we identify solutions.Even though many organizations have well-defined VM programs,certain aspect