Most security assessments only includes CVE’s and known vulnerabilities but many fail to address the true potential security risks. And this will create a big problem for your organization.

The problem starts because most organizations only wants to have a security analysis based on know-existent vulnerabilities, like a “tell me what KB to patch”, but this approach is not good and fails to protect you in two ways: