
How to Avoid Common Software Vulnerability Management Mistakes

by David Bisson on June 30, 2019

Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all attacks rely on vulnerabilities, while others still are under the false impression that all software patches will work without a hitch.

When held by digital security teams, these and other misconceptions can lead to mistakes in the vulnerability management process. Such errors, in turn, undermine organizations’ digital security posture more broadly. Provided below are three of the most common of these slip-ups.

Mistake #1: Not prioritizing risk properly

If there’s one thing that’s for sure in information security, it’s that there’s no shortage of known software vulnerabilities. Software providers rightfully respond to these flaws by routinely releasing dozens and dozens of patches in their security bulletins. For instance, Microsoft’s Patch Tuesday for June 2019 included fixes for a whopping 88 security vulnerabilities in the Windows operating system and related software. Meanwhile, Oracle Technology Network’s Critical Patch Update Advisory pushed out patches for 334 security flaws in July 2018 alone.

Given this number of vulnerabilities, organizations might feel inclined to fix as many of them as possible. But this approach does not serve organizations' digital security postures, because bad actors don't develop exploit code for all vulnerabilities. In fact, a research study led by Kenna Security and the Cyentia Institute found that malefactors actively exploit less than two percent of vulnerabilities in the wild.

Kenna Security’s research finding reveals that digital attackers tend to craft exploit code for an extremely small percentage of known security holes. It, therefore, doesn’t make sense for organizations to treat all vulnerabilities the same. Nor is it (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/avoid-software-vulnerability-management-mistakes/
