Discuss the importance of the two steps below from a vulnerability management program. Are they necessary? If so, why? Does criticality of the vulnerability make a difference to whether these steps are followed?
- Quality assurance by the company/organization deploying the fix or patch, not by the vendor
- Change control
Please provide ORIGINAL answers only and includes all references.