Vulnerability management

Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating"

software vulnerabilities.^[1] Vulnerability management is integral to computer security and network security, and must not be confused with vulnerability assessment.^[2]

Vulnerabilities can be discovered with a

dynamic analysis, further aids in pinpointing vulnerabilities.^[4] Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file

).

Correcting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.

Project vulnerability management

Project vulnerability is the project's susceptibility to being subject to negative events, the analysis of their impact, and the project's capability to cope with negative events.^[5] Based on Systems Thinking, project systemic vulnerability management takes a holistic vision, and proposes the following process:

Project vulnerability identification
Vulnerability analysis
Vulnerability response planning
Vulnerability controlling – which includes implementation, monitoring, control, and lessons learned

Coping with negative events is done, in this model, through:

resistance – the static aspect, referring to the capacity to withstand instantaneous damage, and
resilience – the dynamic aspect, referring to the capacity to recover in time.

Redundancy is a specific method to increase resistance and resilience in vulnerability management.^[6]

Antifragility is a concept introduced by Nassim Nicholas Taleb to describe the capacity of systems to not only resist or recover from adverse events, but also to improve because of them. Antifragility is similar to the concept of positive complexity proposed by Stefan Morcov.

References

OCLC 444700438
.

doi:10.3390/app11188735
.

^ ^a ^b Anna-Maija Juuso and Ari Takanen Unknown Vulnerability Management, Codenomicon whitepaper, October 2010 [1].

^ Nabel Zaharudin, Muhammad; Haziq Zuhaimi, Muhammad; Hossain Shezan, Faysal (19 May 2024), "Poster: Enhancing Symbolic Execution with LLMs for Vulnerability Detection" (PDF), IEEE Symposium on Security and Privacy, retrieved 2024-11-27

OCLC 934201504
.

ISSN 0017-8012
. Retrieved 2021-12-13.

External links

"Implementing a Vulnerability Management Process". SANS Institute.

v
t
e
Information security
Related security categories

Computer security

Automotive security

Cybercrime
Cybersex trafficking

Computer fraud

Cybergeddon

Cyberterrorism

Cyberwarfare

Electronic warfare

Information warfare

Internet security

Mobile security

Network security

Copy protection

Digital rights management

Threats

Adware

Advanced persistent threat

Arbitrary code execution

Backdoors

Bombs
Fork

Logic

Time

Zip

Hardware backdoors

Code injection

Crimeware

Cross-site scripting

Cross-site leaks

DOM clobbering

History sniffing

Cryptojacking

Botnets

Data breach

Drive-by download

Browser Helper Objects

Viruses

Data scraping

Denial-of-service attack

Eavesdropping

Email fraud

Email spoofing

Exploits

Fraudulent dialers

Hacktivism

Infostealer

Insecure direct object reference

Keystroke loggers

Malware

Payload

Phishing
Voice

Polymorphic engine

Privilege escalation

Ransomware

Rootkits

Scareware

Shellcode

Spamming

Social engineering

Spyware

Software bugs

Trojan horses

Hardware Trojans

Remote access trojans

Vulnerability

Web shells

Wiper

Worms

SQL injection

Rogue security software

Zombie

Defenses

Application security
Secure coding

Secure by default

Secure by design
Misuse case

Computer access control
Authentication
Multi-factor authentication

Authorization

Computer security software
Antivirus software

Security-focused operating system

Data-centric security

Software obfuscation

Data masking

Encryption

Firewall

Intrusion detection system
Host-based intrusion detection system (HIDS)

Anomaly detection

Information security management
Information risk management

Security information and event management (SIEM)

Runtime application self-protection

Site isolation

Retrieved from "https://en.wikipedia.org/w/index.php?title=Vulnerability_management&oldid=1259880321"

[Foreman_2010_p._1-1] OCLC 444700438
.

[2] :10.3390/app11188735
.

[Codenomicon-3] Anna-Maija Juuso and Ari Takanen Unknown Vulnerability Management, Codenomicon whitepaper, October 2010 [1].

[4] Nabel Zaharudin, Muhammad; Haziq Zuhaimi, Muhammad; Hossain Shezan, Faysal (19 May 2024), "Poster: Enhancing Symbolic Execution with LLMs for Vulnerability Detection" (PDF), IEEE Symposium on Security and Privacy, retrieved 2024-11-27

[Marle_Vidal_2016_p.-5] OCLC 934201504
.

[6] ISSN 0017-8012
. Retrieved 2021-12-13.

[1]

[2]

[4]

[5]

[6]

Project vulnerability management

See also

References

External links