Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
Get Out of Security Debt by Tackling the Exposure Problem
Summary + source link. No paywalls, no tracking.