We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice-looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment tool, and developing a white paper to fully explain this.
I should also note that we appear to be ahead of most folks in this line of thinking. I read an article on financial services cyber risk today where it appears that someone (the SEC, perhaps) is developing risk management standards that “firms in the industry could better use to spot and block cyber-attacks.” Sounds an awful lot like our Maturity Model. Nice to know we aren’t the only folks thinking about this and glad to see others following where we already are.
I thought I’d share the mostly final graphic of the Maturity Model. This is something that anyone is free to use for their security program as long as they provide attribution to Core Security and me for our development of the Model.