Reporting
The management of an organization will require a vulnerability report in order to make informed decisions regarding vulnerability management. These reports are produced by the vulnerability scanning systems and should include the following:
- Vulnerability overview: This is a summary of the current vulnerability landscape, including the total number of vulnerabilities, their severity distribution, and trends over time.
- CVSS scores: These relate detailed information on the varying levels of severity for identified vulnerabilities, and those of the highest priority that require immediate attention should be highlighted.
- Remediation progress: This is an update on the status of remediation efforts, including the number of vulnerabilities addressed and those still pending.
- Risk reduction: The report should include metrics by which to measure vulnerability management activities that have contributed to reducing the organization’s overall cybersecurity risk...