Vulnerability Management Program
Promote this Nomination
Photo Gallery
![]() |
Vulnerability Management Program

Additional Info
Company (that provides the nominated product / solution / service) | Information Security Branch - Government of BC |
Website | http://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security |
Company size (employees) | 10,000 or more |
Type of solution | Service |
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:1. Built from scratch and customized for governments very complex network |
Brief Overview
The Vulnerability Management Program was designed to proactively identify and remediate security vulnerabilities before a security incident occurs. Due to the size and complexity of the BC Government network there is no vendor or commercial off-the-shelf solution that could independently deliver this program easily.
For the first time in government history, a team of dedicated security professionals undertook the seemingly impossible challenge to examine all one million addresses owned by government. The team took a completely new approach, overcame obstacles, and built a program that is looked to as a model for others across the industry.
As a result of this work many vulnerabilities were found. In a wonderful example of partnership with clients and vendors, teams across government they decreased this number to less than 2%. This represented a significant reduction in security risk to government.
To successfully deliver on this goal the team was required to:
• Identify a recurring source of vulnerabilities
• proactively identify vulnerabilities in gov infrastructure with recurring scans
• notify owners of vulnerabilities that were found
• work and follow up with owners for mutual success
• measure reduction of risk through reporting
The greatest tangible achievement was in the complete and proactive scanning of our large and complex infrastructure. We are now scanning continuously all year round. In the form of new custom built tools and processes the vast majority of the high risk vulnerabilities have been identified and successfully remediated.
Benefits of the Vulnerability Management program included brand new capabilities in vulnerability discovery, reporting and tracking through to successful mitigation:
• Reducing the likelihood of successful cyberattack
• Minimizing time and effort for incident response
• Ensuring additional safeguards for the protection of critical data.
• Meeting legal, regulatory, and policy requirements
• Reducing risk and minimizing impact
“If you think you can you will”