Recently there was mega-breach that exposed the private data about million of people. The cause was said to be an un-patched website vulnerability. I was dissatisfied with the explanation because I knew they had patched the exact same issue on many of their websites.

I reached out to someone I knew on organization's internal security team and asked why was that one website didn’t receive the patch like the others. A: They would’ve patched if they knew the website existed. Lesson: asset inventory matters.