Cybersecurity Program Development for Business

by Chris Moschovitis
May 2018
Content level: Beginner to intermediate
224 pages
6h 26m
English
Wiley
Content preview from Cybersecurity Program Development for Business

CHAPTER 8: Vulnerabilities

As we've discussed, the ugly truth about vulnerabilities is that every system has them! Every single one. And we're not just talking about a couple of issues here and there. Think thousands upon thousands, with more being discovered every day. Our goal is to identify the ones applicable to our environment and deal with them. To do that, we'll need a list.

So, off we go searching for vulnerability listings. It should be no surprise that one of the first entries that comes up is NIST's National Vulnerability Database (NVD). At the time of this writing, the NVD contained the following information.

  • 79,261 CVE vulnerabilities (CVE: Common Vulnerabilities and Exposures, from MITRE, a nonprofit that operates several R&D centers)
  • 368 Checklists (Detailed guidance on operating and application security settings)
  • 249 US‐CERT Alerts (U.S. Computer Emergency Readiness Team)
  • 4,455 US‐CERT Vuln notes (U.S. Computer Emergency Readiness Team Vulnerability Notes)
  • 10,286 OVAL Queries (Another MITRE‐coordinated effort on standardizing reporting on machine states for computers)
  • 115,051 CPE Names (Common Platform Enumeration: A structured naming methodology for information technology assets)

Who Is Who in Vulnerabilities Tracking

Keep working the list and you'll run into all the usual suspects: MITRE, OWASP, CERT, and several security vendors. The situation can quickly become confusing and overwhelming. If you thought threat assessment was a bear, welcome to vulnerability ...


ISBN: 9781119429517