Appendix A VULNERABILITIES

INTRODUCTION

Vulnerabilities and security exposures are at the heart of the science of information security. They are not employed directly in the McCumber Cube methodology, because they are technology-based artifacts that are ultimately juxtaposed against various safeguards to ensure appropriate risk mitigation in the risk assessment process. However, the definitions and complete library of vulnerabilities have been admirably defined and addressed in the CVE library such that any detailed analysis outside this effort would be futile at best and conflicting at worst. With this in mind, I have included here several sections of the CVE library¹ that define the issue of vulnerabilities and exposures.

These sections have ...
