ADVERTISEMENT

Why security experts believe we should manage software flaws like a critical illness

As with diabetes or heart disease in humans, we may simply have to learn to manage – rather than eliminate – the majority of software bugs, experts say.

human chest with heart with the letters CVE

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Apr 20, 2026 Updated: 21 April 2026 4 min read
Key takeaways:
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
Anthropic Claude Mythos
Besides banks and critical infrastructure, should most organizations care about AI's like Mythos finding 20-year-old bugs?

More flaws, but it’s just not that deep

healthcare professionals
Experts argue we're going to have to accept that systems may always be "a little sick" but that it's okay as long as they can still function.” Image from Shutterstock

Learnings from OT

critical infrastructure
In OT, if a vulnerability does not affect day-to-day operations, it is often managed rather than fixed. Image by Kittirat Roekburi | Shutterstock

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
ADVERTISEMENT
"There will always be vulnerabilities. They are inevitable. We need to decide which ones matter.”
Christina Hofer, researcher, Forescout Vedere Labs

NIST changes

servers, vulnerability
Less than 2% vulnerabilities have been exploited in the wild as of 2026, out of a total of 310,000

When the treatment outweighs the benefits

"We’re treating a chronic illness by focusing on the symptoms that actually threaten the patient’s life – exploits that can jump from the lab to a production server.”
Joe Brinkley, pentester, Cobalt

Not everyone agrees

inside Denver air traffic control center
Some argue risk management in cyber is better compared air traffic control. Image: Getty Images
“No flight is perfectly safe. The system runs on calibrated, continuously monitored acceptable risk.”
David E. Williams, CEO, Atumcell

ADVERTISEMENT