
Taking the Risk-Based Approach to Vulnerability Patching
2022-07-27 11:00

Vulnerability management and patching can easily get out of hand when an organization is tracking hundreds of thousands of vulnerabilities in inefficient ways, such as Excel spreadsheets or multiple disconnected reports, especially when many teams across the organization are involved.

While it is well known that vulnerability patching is extremely important, patching vulnerabilities effectively is also challenging.

Taxonomy: The classification of each reported vulnerability also has to be taken into consideration and should be mapped to industry-standard taxonomies such as the OWASP Top 10 or CWE. For example, a remote code execution flaw affecting a server should be prioritized higher than a client-side vulnerability such as a reflected cross-site scripting (XSS) issue.

An example of a vulnerability that should receive high priority would be one where the affected asset is publicly exposed and has critical business sensitivity, the vulnerability severity is critical, a working exploit is available, and exploitation requires neither user interaction nor authentication or elevated privileges.

Once all vulnerabilities are prioritized, addressing the most critical vulnerabilities will dramatically reduce the risk to your organization.
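The scoring logic above can be made concrete. The following is an added example written for this page; it is not code from the article or from Strobes. It combines the factors the article names (asset exposure, business sensitivity, severity, exploit availability, user interaction, privileges, and server-side versus client-side taxonomy) into a single risk score, and maps that score to a patch window. The weights, the multiplier values, the SLA thresholds, and the sample findings are all assumptions chosen for illustration; a real program would tune them to its own risk appetite.

```python
from dataclasses import dataclass
from typing import List

# Assumed weights for illustration only. Higher exposure and higher business
# sensitivity scale the base severity up; the remaining factors are multipliers.
EXPOSURE_WEIGHT = {"public": 3.0, "partner": 2.0, "internal": 1.0}
SENSITIVITY_WEIGHT = {"critical": 3.0, "high": 2.0, "medium": 1.5, "low": 1.0}
EXPLOIT_AVAILABLE_FACTOR = 1.5   # public exploit exists: raise priority
USER_INTERACTION_FACTOR = 0.7    # victim must click/visit: lower priority
PRIVILEGES_REQUIRED_FACTOR = 0.7 # attacker needs an account: lower priority
CLIENT_SIDE_FACTOR = 0.8         # client-side class (e.g. XSS) below server-side (e.g. RCE)


@dataclass(frozen=True)
class Finding:
    title: str
    cwe: str                    # CWE identifier, e.g. "CWE-94"
    cvss: float                 # CVSS base score, 0.0 to 10.0
    exposure: str               # "public" | "partner" | "internal"
    sensitivity: str            # business sensitivity of the affected asset
    exploit_available: bool
    user_interaction: bool      # exploitation needs a victim action
    privileges_required: bool   # exploitation needs authentication/privileges
    server_side: bool           # True for server-side impact (RCE), False for client-side (XSS)


def risk_score(f: Finding) -> float:
    """Risk-based priority score: severity scaled by exposure and business
    sensitivity, then adjusted by exploitability factors. Rounded to 2 places."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"CVSS out of range for {f.title}: {f.cvss}")
    score = f.cvss * EXPOSURE_WEIGHT[f.exposure] * SENSITIVITY_WEIGHT[f.sensitivity]
    if f.exploit_available:
        score *= EXPLOIT_AVAILABLE_FACTOR
    if f.user_interaction:
        score *= USER_INTERACTION_FACTOR
    if f.privileges_required:
        score *= PRIVILEGES_REQUIRED_FACTOR
    if not f.server_side:
        score *= CLIENT_SIDE_FACTOR
    return round(score, 2)


def patch_window_days(score: float) -> int:
    """Assumed SLA tiers: map a risk score to a remediation deadline in days."""
    if score >= 100.0:
        return 7
    if score >= 40.0:
        return 30
    return 90


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Return findings ordered from highest to lowest risk score."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample findings (not real vulnerabilities in any product).
RCE_PUBLIC = Finding("Unauthenticated RCE in public API server", "CWE-94", 9.8,
                     "public", "critical", True, False, False, True)
XSS_PUBLIC = Finding("Reflected XSS on public web app", "CWE-79", 6.1,
                     "public", "critical", True, True, False, False)
RCE_INTERNAL = Finding("Authenticated RCE in internal admin tool", "CWE-94", 9.8,
                       "internal", "high", False, False, True, True)
SAMPLE_FINDINGS = [XSS_PUBLIC, RCE_INTERNAL, RCE_PUBLIC]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        s = risk_score(f)
        print(f"{s:7.2f}  patch within {patch_window_days(s):2d} days  {f.cwe:<7} {f.title}")
```

Note that the reflected XSS and the public RCE share the same CVSS-independent context (public asset, critical sensitivity, exploit available), yet the XSS lands two tiers lower because it needs user interaction and belongs to a client-side class, which is exactly the taxonomy distinction the article draws. The authenticated RCE on an internal asset, despite its 9.8 base score, ends up last because exposure, exploit availability and privilege requirements all cut against it.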

Prioritization is also easy because Strobes automatically prioritizes vulnerabilities for you based on the metrics described in the Risk-Based Approach to Patching Vulnerabilities section.


News URL

https://thehackernews.com/2022/07/taking-risk-based-approach-to.html