1
1
In t r o d u c t I o n
Vulnerability management (VM) is the cyclical practice of identify-
ing, classifying, remediating, and mitigating vulnerabilities. is is
a broad definition that has implications for corporate or government
entities, which will be discussed in this book. It is not a new discipline,
nor is it a new technology. is vital function has been a normal part
of hardening defenses and identifying weaknesses to systems, pro-
cesses, and strategies in the military and in the private sector. With
growing complexity in organizations, it has become necessary to draw
out this function as a unique practice complete with supporting tools.
is has resulted in an important refinement of the definition of VM
as a segment of risk managemen