When reporting on patch levels for use in metrics as part of risk management there are two areas that are commonly dismissed which are...

There are three considerations for valuation of a security program: Security effectiveness: Is it doing its job? That is, how effective...