The earth has been trembling for a while now, the great Himalayan quake has left the Nepalese dazed and razed. In India we have been rumbling for weeks now, we are all scared of the unknown. None can predict the timing of an earthquake.
My professional service line is equally unpredictable. I work in the area of software security yet I cannot predict a breach. I can map an organization with vulnerable-seismic zones and can quantify the severity of a breach (a la Richter scale) yet I cannot predict the exact timing of a breach.
Like in an earthquake as the great tectonic plates move and collide, the vulnerabilities also connive to move in groups and expose an oceanic trench for the prying hacker waiting with his fishing rod for a prized catch. Vulnerability management often misplaced in the shoes of a vulnerability assessment is not adequate to secure organizations.