Risk-Based Vulnerability Management (RBVM)

Risk-Based Vulnerability Management (RBVM) is a process that emphasizes prioritizing the most severe security vulnerabilities and remediating according to the risk that they pose to the organization. This approach is being more widely adopted as organizations realize they have far more vulnerabilities than they can remediate, and they need a way to prioritize which to fix first.

Vulnerabilities do not all pose the same risk to an organization. By considering a combination of a vulnerability’s discoverability and exploitability, potential impact, and the business context of the asset the vulnerability is on, security teams can identify and categorize the most critical risks before a business-critical breach occurs. Such a process is only optimally useful if it also considers risks on assets that IT/security teams are not already aware of.