"What’s the Best Approach to Patching Vulnerabilities?"
A team of researchers from Cyentia, Virginia Tech, and RAND Corporation recently presented a paper, titled Improving Vulnerability Remediation Through Better Exploit Prediction, in which they discuss their study on strategies for the prioritization of vulnerabilities. The strategies examined in this research include using the CVSS (Common Vulnerability Scoring System) score, patching bugs with known exploits, and patching bugs with specific tags. A machine learning model was created for each strategy in order to compare the performance of the strategies against rules-based approaches. This article continues to discuss the study in relation to how it was conducted and its findings.
Naked Security reports "What’s the Best Approach to Patching Vulnerabilities?"