https://d915526f.spoiledlunch.pages.dev/Nerdy Stuff. Tech Talk. Zero Freshness. Analysis and commentary on GRC, security, and AI.Hugo 0.160.1en-usTue, 09 Jun 2026 09:00:00 -0400https://d915526f.spoiledlunch.pages.dev/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/Tue, 09 Jun 2026 09:00:00 -0400https://d915526f.spoiledlunch.pages.dev/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/Article • June 9, 2026 • 6 min read | Topics: Security | The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic severity scoring, …SpoiledlunchSecuritykevcisavulnerability managementprioritizationhttps://d915526f.spoiledlunch.pages.dev/articles/2026-04-28-why-vulnerability-management-breaks-long-before-patching-does/Tue, 28 Apr 2026 17:05:00 -0400https://d915526f.spoiledlunch.pages.dev/articles/2026-04-28-why-vulnerability-management-breaks-long-before-patching-does/Article • April 28, 2026 • 7 min read | Topics: Security | When leaders say their vulnerability program is struggling because patching is too slow, they are usually describing the last visible failure, not the first one. Patching is where the program becomes …SpoiledlunchSecurityvulnerability managementpatchingasset inventoryprioritization