Here is my fun paper that just got published: Five mistakes of vulnerability management - Computerworld
"Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done with Microsoft Corp.'s monthly patch update. Yet another group considers it a marketing buzzword made up by vendors.
This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas."