What is Vulnerability Management?

Prepare for the ISSAP Exam with challenging questions and insights. Enhance your understanding using flashcards and detailed explanations. Master your skills for success!

Multiple Choice

What is Vulnerability Management?

Explanation:
Vulnerability management is the ongoing practice of identifying, assessing, prioritizing, and remediating security vulnerabilities across an organization’s IT environment, with continuous monitoring to reduce the attack surface. It involves building an up-to-date asset inventory, conducting regular vulnerability scans, scoring findings by risk, prioritizing fixes based on impact and exploitability, applying patches or compensating controls, and verifying that the fixes are effective. This lifecycle is continuous and integrated with other security processes like patch management and risk management, rather than being a one-time task. Baseline refers to a standard configuration for comparison, centralized architecture describes a design approach for consolidating processing, and a gateway device is a network security appliance; none of these capture the ongoing, proactive process of managing vulnerabilities like vulnerability management does.

