Rather than focusing on applying all new patches as soon as possible, a new report from Kenna Security and the Cyentia Institute suggests organizations tackle security from the vantage point of prioritization. With over 110,000 CVEs published-and roughly 300 new CVEs published per week in 2018-staying current with vulnerabilities as they are uncovered is likely to become overwhelming. Likewise, doing so can overextend IT security professionals. And making patching into a numbers game easily leads to a higher number of low-risk vulnerabilities being patched, diverting attention from high-risk vulnerabilities which require more effort to patch. To help organizations appropriately prioritize their patching programs, the report provides three tips, the first of which is to improve an overly-simple or overly-complex decision making tree for vulnerability remediation. Read the article at Tech Republica.