Vulnerability management and patch management are not products. They are processes, and the products are tools used to enable the process. You cannot buy a hammer, nails and wood and expect them to just become a house, but you can go through the process of building the house or hire someone to do it for you as a service.

A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft; my tablet needing a reboot after its latest firmware update; and my server screaming for me to put “yum” into action to install the latest patches available from Red Hat – all before 10:00 am in the morning!

Details of a Virtual Box 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs.

With each passing year, our world becomes more and more digital. Our social interactions and personal data as well as many of our jobs are based primarily on the internet. Although this shift has come with great benefits, it’s also opened us up to a heightened threat of cyber terrorism. 2017 saw some of the most devastating high-profile attacks in history, opening the eyes of business of all sizes to the importance of stronger security.