Hi all - just wondering what metrics you employ to demonstrate forward momentum on your vulnerability management program.
Interested in this as well - and how others configure their dashboards/reports to reflect this.
We track the vulnerability age and report that to all of our remediation teams and the Senior Leadership member for each team. We do this according to our Information Security Standard for vulnerability remediation. This gets published weekly in a "vulnerability aging" report.
We use age, CVSS Temporal Score, and count of findings for a Vuln Rank and then provide vuln inventories of the findings sorted by the rank.
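The aging report and the age / CVSS Temporal Score / finding-count rank described in the two replies above can be sketched as follows. This is an added example, not code from any poster; the weights, caps, age buckets, vulnerability ids and hosts are all assumptions constructed for illustration, since the thread gives no formula.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample findings: (placeholder vuln id, host, first seen, CVSS temporal score)
FINDINGS = [
    ("VULN-A", "web01", date(2024, 1, 10), 8.1),
    ("VULN-A", "web02", date(2024, 1, 10), 8.1),
    ("VULN-A", "web03", date(2024, 2, 20), 8.1),
    ("VULN-B", "db01", date(2023, 11, 1), 5.4),
    ("VULN-C", "app01", date(2024, 3, 1), 9.3),
]

# Assumed weights, caps and age buckets; the thread gives no formula or thresholds.
W_AGE, W_SCORE, W_COUNT = 0.4, 0.4, 0.2
AGE_CAP_DAYS, COUNT_CAP = 180, 50
AGE_BUCKETS = [(30, "0-30"), (60, "31-60"), (90, "61-90")]

def bucket(age_days):
    """Map an age in days to a reporting bucket label."""
    for limit, label in AGE_BUCKETS:
        if age_days <= limit:
            return label
    return "90+"

def aging_report(findings, today):
    """Count open findings per age bucket (the weekly aging view)."""
    return dict(Counter(bucket((today - seen).days) for _, _, seen, _ in findings))

def rank_findings(findings, today):
    """Group findings per vulnerability and sort by a 0-100 weighted rank."""
    groups = defaultdict(list)
    for vuln, _host, seen, temporal in findings:
        groups[vuln].append(((today - seen).days, temporal))
    rows = []
    for vuln, items in groups.items():
        oldest = max(age for age, _ in items)
        temporal = max(score for _, score in items)
        count = len(items)
        # Each factor is normalised to 0..1 before weighting, so no single one dominates.
        rank = 100 * (W_AGE * min(oldest, AGE_CAP_DAYS) / AGE_CAP_DAYS
                      + W_SCORE * temporal / 10
                      + W_COUNT * min(count, COUNT_CAP) / COUNT_CAP)
        rows.append({"vuln": vuln, "rank": round(rank, 1), "count": count,
                     "oldest_days": oldest, "bucket": bucket(oldest)})
    return sorted(rows, key=lambda r: r["rank"], reverse=True)

if __name__ == "__main__":
    for row in rank_findings(FINDINGS, date(2024, 3, 31)):
        print(row)
```

With these assumed weights, a 151-day-old medium-severity finding outranks a 30-day-old critical one, which is the kind of trade-off the weights need to be tuned for before publishing the ranked inventory.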