A patch for the vulnerability that attackers exploited was available two months prior to the attack. The most effective vulnerability management programs work toward a goal—and it’s not “to better mitigate risk.” That is not a goal. A vulnerability management solution can prioritize vulnerabilities based on industry-wide measurements like the MITRE and CVE scores, which identify the severity of a vulnerability, as well as the unique makeup of your organization. The attack path to the vulnerability Whether an exploit exists for the vulnerability The exploit’s ease or difficulty of use Whether the exploit requires local access Once you have a prioritized list of vulnerabilities, you can begin your patching efforts, focusing on the most severe vulnerabilities. The Equifax data breach is yet another wake-up call that should cause companies and their security teams to re-evaluate their vulnerability management programs.