How to Avoid Common Software Vulnerability Management Mistakes - Security Boulevard
Tuesday, November 30, 2021
  • Cybereason v21.1 LTS: Advancing Prevention, Detection and Response
  • A Brief History of Ransomware Evolution
  • How to access WordPress Files
  • What to Look for in a CDR Vendor
  • The Familiar Stranger

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » How to Avoid Common Software Vulnerability Management Mistakes

SBN How to Avoid Common Software Vulnerability Management Mistakes

by David Bisson on June 30, 2019

Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all attacks rely on vulnerabilities, while others still are under the false impression that all software patches will work without a hitch.

When held by digital security teams, these and other misconceptions can lead to mistakes in the vulnerability management process. Such errors, in turn, undermine organizations’ digital security posture more broadly. Provided below are three of the most common of these slip-ups.

Mistake #1: Not prioritizing risk properly

If there’s one thing that’s for sure in information security, it’s that there’s no shortage of known software vulnerabilities. Software providers rightfully respond to these flaws by routinely releasing dozens and dozens of patches in their security bulletins. For instance, Microsoft’s Patch Tuesday for June 2019 included fixes for a whopping 88 security vulnerabilities in the Windows operating system and related software. Meanwhile, Oracle Technology Network’s Critical Patch Update Advisory pushed out patches for 334 security flaws in July 2018 alone.

Given this number of vulnerabilities, organizations might feel inclined to fix as many vulnerabilities as possible. But this desire does not work in the favor of organizations’ digital security postures, as bad actors don’t develop exploit code for all vulnerabilities. In fact, a research study led by Kenna Security and the Cyentia Institute found that malefactors actively exploit less than two percent of vulnerabilities in the wild.

Kenna Security’s research finding reveals that digital attackers tend to craft exploit code for an extremely small percentage of known security holes. It, therefore, doesn’t make sense for organizations to treat all vulnerabilities the same. Nor is it (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/avoid-software-vulnerability-management-mistakes/

June 30, 2019July 1, 2019 David Bisson Vulnerability Management
  • ← Thirty-four Years – Networking and Software Development (Part 2)
  • US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious
Cybercriminals: Frenemies China, Russia, North Korea
Securing Corporate Philanthropy on Giving Tuesday
Debunking Myths About CMMC 2.0
Cyberattacks in 2021 Highlighted Critical Infrastructure Risks
Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure
DEFCON 29 IoT Village – Jay Balan’s ‘5 Years Of IoT Vulnerability Research And Countless 0Days’
The Internet is Held Together With Spit & Baling Wire
Customer Identity & Access Management: Build -v- Buy
La lista de control para la auditoría de Microsoft 365 de la Oficina del inspector general (OIG)

Upcoming Webinars

Tue 30

Securing Your Development Infrastructure and Apps From Supply Chain Attacks

November 30 @ 11:00 am - 12:00 pm
Tue 30

Best Practices for Developers: How to Easily Shift Left Security

November 30 @ 12:00 pm - 1:00 pm
Tue 30

Securing Access to Sensitive Corporate Data and Applications in the Hybrid World

November 30 @ 3:00 pm - 4:00 pm
Dec 01

Protecting Applications Running On Kubernetes

December 1 @ 12:00 pm - 1:00 pm
Dec 06

Code Tampering: 4 Keys to Risk Reduction

December 6 @ 3:00 pm - 4:00 pm
Dec 08

Cloud Security

December 8 @ 12:00 pm - 1:00 pm
Dec 09

SCA: Your First Step Toward Supply Chain Security

December 9 @ 11:00 am - 12:00 pm
Jan 11

Securing Infrastructure-as-Code From Tampering and Misconfigurations

January 11, 2022 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks
Cybersecurity Data Security Endpoint Industry Spotlight IoT & ICS Security Malware Network Security Security Boulevard (Original) Threat Intelligence Vulnerabilities 

Cyberattacks in 2021 Highlighted Critical Infrastructure Risks

November 30, 2021 Chen Fradkin | 6 hours ago 0
Debunking Myths About CMMC 2.0
CISO Suite Cyberlaw Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Network Security Security Awareness Security Boulevard (Original) 

Debunking Myths About CMMC 2.0

November 29, 2021 Ed Bassett | Yesterday 0
The Art (and Math) of Balancing CX With Fraud Prevention
Analytics & Intelligence Cybersecurity Governance, Risk & Compliance Industry Spotlight Mobile Security Network Security Security Awareness Security Boulevard (Original) 

The Art (and Math) of Balancing CX With Fraud Prevention

November 18, 2021 Rafael Lourenco | Nov 18 0

Top Stories

Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious
Analytics & Intelligence Application Security Cloud Security Cybersecurity DevOps Editorial Calendar Featured Identity & Access Incident Response Malware Network Security News Securing Open Source Securing the Cloud Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious

November 29, 2021 Richi Jennings | Yesterday 0
Biggest Single Crypto Theft: Teen Charged with $36M SIM-Swap Heist
Analytics & Intelligence Blockchain Cloud Security Cyberlaw Cybersecurity Data Security Digital Currency Featured Governance, Risk & Compliance Identity & Access Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Biggest Single Crypto Theft: Teen Charged with $36M SIM-Swap Heist

November 22, 2021 Richi Jennings | Nov 22 0
BlastWave Aims to Simplify Securing Edge Computing
Cybersecurity Data Security Endpoint Featured IoT & ICS Security Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

BlastWave Aims to Simplify Securing Edge Computing

November 17, 2021 Michael Vizard | Nov 17 0

Security Humor

Robert M. Lee's & Jeff Haas' Little Bobby Comic - 'WEEK 357'

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 357’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2021 Techstrong Group Inc. All rights reserved.