Not only has vulnerability management changed considerably over the years, but so have the systems on which enterprise security teams must identify and patch. Today there are systems on-premises, IoT devices, public and private clouds, and substantially more custom applications. No more do vulnerability management systems just focus on networks and private hosted applications. Today, they must be able to assess all of these systems and identify the vulnerabilities and help enterprise security teams make better remediation decisions.
For vulnerabilities to be dangerous, they have to be exploitable. A vulnerability on a system that can’t be exploited isn’t much of a danger. Knowing what is truly dangerous is essential so enterprises can plan what to fix immediately and what can be patched or mitigated later.