Vulnerability Management Lifecycle



Vulnerability Management Lifecycle. Panel Discussion. Panelists: Carole Fennelly - Tenable Network Security; Chris Wysopal - Veracode; Steven Christey - MITRE; Bob Martin - MITRE; HD Moore - Rapid7; Jonathan Klein - Broadridge Financial Solutions

PowerPoint Slideshow about 'Vulnerability Management Lifecycle' - jason


Presentation Transcript
Panelists

Carole Fennelly - Tenable Network Security

Chris Wysopal - Veracode

Steven Christey - MITRE

Bob Martin - MITRE

HD Moore - Rapid7

Jonathan Klein - Broadridge Financial Solutions

Kelly Todd - OSVDB

Overview
  • Vulnerability Discovery
  • Private Vulnerability Sharing
  • Public Disclosure
  • Vulnerability Database Management
  • Vulnerability Monitoring/Testing
  • Remediation
Vulnerability Discovery
  • Monitoring for Anomalies/0-Day
  • Monitoring Local Applications
  • Initial Discovery of Vulnerability
  • Development of Exploit
  • Posting to security lists
Private Vulnerability Sharing
  • Passing around on underground lists
  • Additional research
  • Expanded impact
  • 0-day exploits
  • “Oops, I broke the Internet…”
Public Disclosure
  • Determine when to disclose
  • Coordination between vendor and researcher
  • What to disclose
  • Public reaction/working with media
  • FUD
Vulnerability Database Management
  • Monitoring of sources
  • Validation
  • Summarization
  • Classification
  • Determine/develop remediation measures
Vulnerability Monitoring/Testing
  • Vulnerabilities discovered during a penetration test
  • Vulnerabilities discovered by security software (IDS, Logs, Scanners)
  • Vulnerabilities discovered from external source
Remediation
  • Analysis of organizational impact
  • Prioritization
  • Determine/test remediation measures