Security News > 2021 > April > Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers
2021-04-12 16:48

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment.

"The only way to do that is to adopt the attacker's perspective. With this perspective, teams can more effectively manage the vulnerabilities on the attack surface by deprioritizing 'high-severity' vulnerabilities that are of little adversarial value and prioritizing those that are likely to be weaponized. Hackers are looking for the path of least resistance, making them fairly predictable when you have a good amount of information about your attack surface from their perspective."

In short, Target Temptation looks at vulnerabilities from the attackers' viewpoint rather than simply the severity of the vulnerability.

Where this approach to vulnerability management differs from many others is in highlighting only relevant vulnerabilities rather than simply listing all vulnerabilities.

It can differentiate between vulnerabilities used by a specific open source library and those vulnerabilities in a part of the library that is not used.

Rather than just looking at vulnerabilities as an issue in themselves, Target Temptation seeks to highlight what will attract the attackers and why.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/NohzvmDCpsk/unearthing-attackability-vulnerabilities-attract-hackers