Addressing web server vulnerabilities is key to application security. Consider the impact the Apache Struts vulnerability had on organizations that ignored it and it suddenly becomes clear that responding quickly to Common Vulnerabilities and Exposures (CVE’s) is part of an effective appsec security posture. Real world business conditions are not always conducive to patching software in a timely manner. An automated method of identifying and triaging CVEs from qualification to virtual patches can be achieved with a robust process for staying on top of the latest CVE related vulnerabilities.