CPE Data and False Positives in Vulnerability Management
![The use of CPE data by vulnerability scanners is responsible for many of VM's false positives.](https://trackd.com/wp-content/uploads/2024/07/False-Positives-Blog-Image.png)
The problem of false positives in vulnerability management can largely be attributed to the use of CPE (Common Platform Enumeration) data in the correlation process, a critical first step in vulnerability management.
A Faster Horse
![](https://trackd.com/wp-content/uploads/2024/07/Rage-Blog-Image-1.png)
Today, those in vulnerability management often create development environments (aka sandboxes) to test whether or not new patches will cause disruptions on their networks… just like they’ve been doing for 3 decades. Which leads to only one conclusion: ARPA-H is funding an effort to build a faster horse.
Why Existing Vulnerability Management Solutions Aren’t Working
![Vulnerability Management is broken, and there's a simple reason why.](https://trackd.com/wp-content/uploads/2024/01/VM-is-Broken-Blog-Image.png)
The vulnerability management market answers every question a practitioner or cybersecurity professional could want answered… except the only one that matters: will this patch break my shit?
If it Ain’t Breaking Stuff, Fix It
![A cute puppy and vulnerability management - unlikely combination](https://trackd.com/wp-content/uploads/2023/04/Screenshot-by-Snip-My-at-Apr-13-2023-at-100145-AM.png)
Tell us when patches are disruptive? Sure. But more importantly, let us know when they’re not, information that’s potentially much more actionable.