Drata Logo Dark (New)
  • Product
  • Resources
  • Alliances
  • Customers
  • Company
    Sign inGet Started
  • Sign in
  • Get Started
HomeCompliance GlossaryWhat is Vulnerability Management?

What is Vulnerability Management?

Vulnerability management is the process of identifying, evaluating, treating, and reporting security vulnerabilities in systems and the software that runs on them. This, implemented alongside other security tactics, is vital for organizations to prioritize possible threats and minimize their “attack surface.”


Security vulnerabilities, in turn, refer to technological weaknesses that allow attackers to compromise a product and the information it holds. This process needs to be performed continuously in order to keep up with new systems being added to networks, changes that are made to systems, and the discovery of new vulnerabilities over time.


Maintaining a Vulnerability Management Policy is an integral part of the SOC 2 framework.

Join the Thousands of Companies that Trust Drata

See All Case Studies
Wiz logo 2
Airbase
TaskRabbit Logo
BambooHR Logo
Clearbit Logo
Superhuman
Alteryx logo
Lemonade Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

View Drata Glossary

Learn more about other compliance and cybersecurity concepts in our glossary.

Read More

Solutions

StartupMid-MarketEnterpriseDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRNIST AI Risk ManagementFedRAMPNIS 2Custom FrameworksAll Frameworks
Resources
BlogEventsWebinarsReportsSOC 2 HubISO 27001 HubProduct UpdatesCompliance GlossaryAPI Documentation
Company
CareersCustomersAuditorsPartnersPressContact UsLegal
Trust
Security and ComplianceTrust CenterSystem StatusAccessibility

Drata Logo Light

© 2025 Drata Inc. All rights reserved.

|Privacy Notice|Legal