However, the recurring presence of vulnerabilities means you have insecure software and need to fix your SDLC, provide security-based developer training, and enhance the security review process.
Lastly, if you don't know whether you have vulnerabilities, then you are at square one.
- Assess to discover vulnerabilities
- Analyze to determine root cause
- Remediate technical vulnerabilities
- Address root cause in the overall process
- Rinse and Repeat
-Michael Coates