No One Drinks From the Firehose: How Organizations Filter and Prioritize Vulnerability Information

The number of published software vulnerabilities is increasing every year. How do organizations stay in control of their attack surface despite their limited staff resources? Prior work has analyzed the overall software vulnerability ecosystem as well as patching processes within organizations, but not how these two are connected. We investigate...