Patch-Management
CISA Known Exploited Vulnerabilities (KEV) — What It Means and Why It Changes Patch Priority
The CISA Known Exploited Vulnerabilities (KEV) Catalog lists CVEs that are confirmed to be actively exploited in the wild. This SECMONS glossary entry explains what KEV is, how vulnerabilities are added, how due dates work, and how defenders should operationalize KEV tracking in enterprise environments.
Patch Management — Deploying Security Updates to Reduce Exploitable Risk
Patch Management is the operational process of acquiring, testing, deploying, and verifying software updates to remediate security vulnerabilities. This SECMONS glossary entry explains how patch management works, how it differs from vulnerability management, and why delayed patching leads to real-world exploitation.
Zero-Day Vulnerability — What It Means, How It’s Used, and Why It’s High Risk
A zero-day vulnerability is a software flaw that is exploited before a patch is available or before the vendor is aware of it. This SECMONS glossary entry explains what qualifies as a zero-day, how it differs from n-day vulnerabilities, how zero-days are weaponized, and how defenders should respond.