Why are reputable outside sources used in the vulnerability management process?

• A. To delay vulnerability identification
• B. To replace internal monitoring
• C. To identify new vulnerabilities and inform risk ranking
• D. To avoid patches entirely

Answer: (C)

Staying current with new weaknesses and how dangerous they are is the key idea. Reputable outside sources provide timely vulnerability disclosures, CVE entries, vendor advisories, and security research, which often reveal issues that internal scanners miss or have not yet identified. They supply context like exploit availability, affected products, and severity, which you combine with your asset inventory to judge risk and prioritize remediation. In practice, these external feeds help you identify newly published vulnerabilities and understand how likely they are to impact your environment, so you can rank and act on fixes more effectively. They supplement internal monitoring rather than replace it, and they guide patch decisions rather than suggesting avoiding patches.