CVE-2026-27447:
It’s critical, but luckily we know how to deal with it.

Overview

Compounding all of this is the reality that people join and leave teams all the time. And when it comes to vulnerability management, this exacerbates the challenge given that when AppSec stakeholders leave, it’s that much harder to preserve institutional knowledge and maintain a stable, effective process.

I saw this firsthand while working with one of the largest banks in the world. After months of effort, the AppSec team had finally developed a system that worked well with engineering – balancing which vulnerabilities could be safely accepted as exceptions and which ones needed to be fixed. But when two critical team members left, their replacements lacked the context and experience to manage those decisions. The process quickly unraveled, and vulnerabilities began to pile up at an alarming rate.