As part of a recent ESG research project on cyber risk management, 340 cybersecurity and IT professionals were asked to identify their organizations biggest vulnerability management challenge. Many organizations find it difficult to manage processes from vulnerability scanning, to trouble ticketing, to change management, to patching. As Bruce Schneier says, Security is a process, not a product In this case, the processes are broken, and these processes require strong collaboration between security and IT operations personnel.”]