Vulnerability Management as an Improvement Loop

Sawan Joshi, CISO, FDM Group

June 11, 2026

Emerging threats are overwhelming security teams. New vulnerabilities can be identified reasonably quickly using the common approach of platforms that run scans across your assets, and teams can still rely on their strong change approval boards and the rollout of patches. But that is where the pressure often stops, and where the danger lies.

AI-driven capabilities for identification and exploitation have increased the risk, and both sides of the law are leveraging them. However, operational teams have often stopped at the point where patches are rolled out, without focusing on a key metric: ensuring the patch is deployed and the asset is reporting back in a healthy state. With remote workers, large organisations often gave a window of grace to allow for people on vacation, or for computers that were simply unused and kept in storage for a while.

Starting With the Assets

A strong asset management process will answer questions about assets within minutes. There should be no guesswork about the status of an asset, and getting this optimised is the key input to a robust vulnerability management capability. Examples of what should be under control are: who has access to the asset and in what role, the privileges of that role, what is on the asset and where it is, and how the data on it is secured, together with the capability to isolate and remotely wipe those assets.

Raising the Patch Confidence Level

With a good vulnerability management operation, teams will not stop at pushing a patch. They will use a metric-driven dashboard to track how long it takes for a vulnerability to leave their estate, so that a new vulnerability is not still lingering for 30 to 60 days because the patch has not been installed.
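The sketch below is an added example, not part of the original article: it computes the two numbers the text asks for, how long a vulnerability stays in the estate and what share of assets have reported back healthy rather than merely had a patch pushed. The record layout, vulnerability and asset names, dates and the 30-day limit (the lower bound of the range mentioned above) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: one row per (vulnerability, asset) pair.
# Columns: vuln, asset, detected, pushed (patch rolled out),
# verified (asset reported back healthy; None = no healthy report yet).
RECORDS = [
    ("VULN-A", "laptop-01", date(2026, 1, 5), date(2026, 1, 8), date(2026, 1, 9)),
    ("VULN-A", "laptop-02", date(2026, 1, 5), date(2026, 1, 8), date(2026, 1, 20)),
    ("VULN-B", "laptop-01", date(2026, 2, 1), date(2026, 2, 3), date(2026, 2, 4)),
    ("VULN-B", "laptop-03", date(2026, 2, 1), date(2026, 2, 3), None),  # in storage
    ("VULN-B", "server-07", date(2026, 2, 2), None, None),              # never pushed
]
TODAY = date(2026, 3, 15)  # constructed reporting date


def estate_exposure(records, today, limit_days=30):
    """Per vulnerability: days in the estate, pushed vs verified share, gaps."""
    by_vuln = defaultdict(list)
    for vuln, asset, detected, pushed, verified in records:
        by_vuln[vuln].append((asset, detected, pushed, verified))

    report = {}
    for vuln, rows in by_vuln.items():
        first_seen = min(detected for _, detected, _, _ in rows)
        unverified = sorted(a for a, _, _, v in rows if v is None)
        pushed_n = sum(1 for _, _, p, _ in rows if p is not None)
        verified_n = len(rows) - len(unverified)
        # The vulnerability has left the estate only when the LAST asset
        # reports healthy; until then the clock keeps running to today.
        end = today if unverified else max(v for _, _, _, v in rows)
        days = (end - first_seen).days
        report[vuln] = {
            "closed": not unverified,
            "days_in_estate": days,
            "pushed_pct": round(100 * pushed_n / len(rows)),
            "verified_pct": round(100 * verified_n / len(rows)),
            "over_limit": days > limit_days,
            "unverified_assets": unverified,
        }
    return report


if __name__ == "__main__":
    for vuln, row in estate_exposure(RECORDS, TODAY).items():
        print(vuln, row)
```

The gap between `pushed_pct` and `verified_pct` is the part a rollout-only view hides, and `unverified_assets` is the list to chase or isolate.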

Constant Improvement

These confidence levels in an organisation's capability are facts that drive security teams' brand value up in the boardroom. Knowing your operation, and being able to true it up against its negative, positive and future better states with delivery plans focused on objectives and key results, will ensure you are supporting your organisation to look strong in the supply chain, and your board of directors will have the answers they are advised to obtain, potentially before they even ask for them.
