There are no flawless software systems or applications. When flaws result in security vulnerabilities, threat actors
exploit them to compromise those systems and applications and, by extension, the endpoints on which they reside.
Although software vendors issue patches to remediate flaws, many financial institutions do not apply all available
patches to their production environments. In addition, when systems or applications reach their end-of-support,
they no longer receive vulnerability patches from their vendors. These two scenarios describe the conditions under
which a system or application is considered "unpatchable." When patching or upgrading is no longer feasible,
security professionals need to identify alternative ways to secure the unpatchable systems and applications to
support their ongoing use in the environment.