April 2024
Intermediate to advanced
288 pages
7h 33m
English
Content preview from Effective Vulnerability Management
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
5Vulnerability Scoring and Software Identification
No conversation about vulnerability management would be complete without discussing vulnerability scoring methods. Vulnerability scoring is used to assign values, either quantitative or qualitative, to aid in vulnerability prioritization and remediation efforts. The cybersecurity industry has a variety of vulnerability scoring methodologies in current use. Some have been around for years, whereas others were more recently developed and adopted in the ecosystem.
In this chapter, we discuss both the pros and cons of various scoring systems. Some of them might be improved and may lend themselves to automation, whereas others are more valuable for manual analysis and scoring. As the landscape of vulnerabilities continues to grow and evolve, so does the vulnerability scoring ecosystem, as organizations seek more efficient and effective methods to allocate resources when it comes to managing vulnerabilities.
Common Vulnerability Scoring System
First up in our discussion of vulnerability scoring systems is the widely used, well-known, and long-established Common Vulnerability Scoring System (CVSS). CVSS originated in 2005 with its initial version 1 and was shortly thereafter adopted by the Forum of Incident Response and Security Teams (FIRST), where it now resides as part of the CVSS Special Interest Group (SIG). Check out www.first.org/cvss for more on this.
Since its release in 2005, CVSS has undergone various iterations and, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.