SANS 2025 Attack Surface & Vulnerability Management Survey - Hackers Don’t Wait—Why Should We?

In an era where digital footprints expand faster than security teams can track, managing the attack surface is no longer a reactive task, it’s a continuous battle. Organizations face an evolving threat landscape driven by shadow IT, cloud sprawl, third-party risks, and zero-day vulnerabilities. Yet, many security teams struggle to gain full visibility into their external exposure, let alone remediate risks before adversaries exploit them.

This survey gathers insights from security leaders, practitioners, and researchers to map out the current state of attack surface and vulnerability management. What technologies are proving effective? Where are organizations still exposed? And how do defenders keep pace with adversaries who operate without constraints?

The findings will highlight key trends, common gaps, and best practices for staying ahead. Industry experts will break down the data, discuss implications, and outline strategies for better risk management. Join us as we turn insight into action, because attackers aren’t waiting, and neither should we.