Cybersecurity Glossary

Risk-Based Vulnerability Management (RBVM)

Risk-Based Vulnerability Management (RBVM) is a process that emphasizes prioritizing the most severe security vulnerabilities and remediating according to the risk that they pose to the organization. This approach is being more widely adopted as organizations realize they have far more vulnerabilities than they can remediate, and they need a way to prioritize which to fix first.

Vulnerabilities do not all pose the same risk to an organization. By considering a combination of a vulnerability’s discoverability and exploitability, its potential impact, and the business context of the asset it resides on, security teams can identify and categorize the most critical risks before a business-critical breach occurs. Such a process is fully effective only if it also covers risks on assets that IT and security teams are not already aware of.

