It can be a real head-scratcher as to why certain organizations continue to allow publicly known vulnerabilities to go unpatched, despite the risk of exploitation. This panel will seek to address the root causes of this negligence. Is it a security culture problem? An awareness problem? A resources problem? A visibility and tools problem? At a certain point, these reasons are no longer reasonable, and simply become empty excuses, which is why it's time to address these barriers to timely patching in a meaningful way.