Jason St-Cyr :mstdn:<p>If you’re the one who gets CVE alerts and has to convince others to take them seriously, this whitepaper might help. It has some with stats and positioning that can support your case for prioritizing vulnerability management.</p><p>Yeah, there’s a bit about how <a href="https://mstdn.ca/tags/Perforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Perforce</span></a> <a href="https://mstdn.ca/tags/Puppet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Puppet</span></a> can help at the end, but there are good business case things on MTTR and breach risks too. Some links in there to some supporting reports from other sources, as well.</p><p><a href="https://mstdn.ca/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://mstdn.ca/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a></p><p><a href="https://www.puppet.com/resources/vulnerability-management-business-value" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">puppet.com/resources/vulnerabi</span><span class="invisible">lity-management-business-value</span></a></p>