“Vulnerability Management: What You Don’t Know from Your External Scans Can Be Used Against You,” Cybersecurity Law Report, October 14, 2020.

The costs and risks, as well as the difficulty of vulnerability management, have long been known to cybersecurity professionals and technologists. In the first article of this three-part series, the authors highlight several recent state and federal legal and enforcement actions focusing on company vulnerability management programs, with the potential for significant fines and penalties. The second article will take a deeper dive into third-party scanning tools and how they may be used by unauthorized or unsolicited third parties to identify vulnerabilities.