The concept of vulnerability management has undergone a number of changes in the last few years. It is no longer simply a synonym for vulnerability assessment, but has grown to include vulnerability prioritization, remediation and reporting.

It has also grown in scope: vulnerabilities don’t just affect IT networks and databases, but also applications, cloud infrastructures, container environments, the mobile infrastructure, IoT devices and OT networks.

It is now expected that a comprehensive enterprise vulnerability management program must cover all those bases.