Vulnerabilities often arise from a failure to openly communicate, fully understand and appropriately resource enterprise risk. In this three-part guest article series, Alston & Bird attorneys Kim Peretti, Amy Mushahwar and Jon Knight identify challenges and offer practical solutions to address the increased legal risk of vulnerability management. This second installment dives deep into the risks of external scanning, third-party scanning tools and the ways they may be used by unauthorized or unsolicited third parties to identify vulnerabilities. Part three will provide questions and shared legal and technical terminology to better understand the challenges. Part one highlighted several recent state and federal legal matters that call into question the adequacy of the respective companies’ vulnerability management programs, and included practical takeaways to help legal and risk professionals shore up their administrative controls and aid security. See also “Six Compliance Lessons From NYDFS’ First Cybersecurity Regulation Enforcement Action” (Aug. 12, 2020).