two cybersecurity experts in response to recent news that the National Institute of Standards and Technology (NIST), an agency of the US Department of Commerce, has partnered with IBM to use AI to rate the severity of publicly reported cyber vulnerabilities.
Gabriel Gumbs, VP of Product Strategy, STEALTHbits Technologies, says: “Applying AI, and in particular Watson to the scoring of vulnerabilities will be useful for keeping up with the increased NIST work load, however, I don’t foresee this addressing the issue of organizations still not patching their systems in time. In theory, the ranking of vulnerabilities helps prioritize which systems are patched first and how soon those patches are applied. I believe this program could go a step further and score both the inherit risk, and the residual risk of vulnerabilities when other controls are in place. This would allow for real world patch prioritization scenarios where organizations can apply controls that cab be rolled out faster than a patch, and in cases where patches do not [yet] exist still reduce their exposure.”