This article begins with an overview, in non-technical terms, of the tools generally available and processes implemented for vulnerability management and patch management. Section II identifies some of the evolving security standards that regulators and plaintiffs may rely on to show that companies are legally required to have vulnerability management and patch management. Section III identifies U.S. legal implications of vulnerability management and patch management and factors that a court and regulators may consider.
James T. Kitchen, David R. Coogan & Keeton H. Christian, The Evolution of Legal Risks Pertaining to Patch Management and Vulnerability Management, Duq. L. Rev.
Available at: https://dsc.duq.edu/dlr/vol59/iss2/6