WHAT IS IT?
While a vulnerability is a potential risk to an organization, it does not threaten an organization in and of itself. A vulnerability only becomes a problem when it is exploited.
WHY IMPORTANT
Identifying vulnerabilities before attackers exploit them is a much more cost-effective approach to vulnerability management. The sooner vulnerabilities are identified and remediated in the Software Development Lifecycle (SDLC), the lower the cost to the organization.