Sunday, February 23, 2020
  • DEF CON 27, Artificial Intelligence Village – Jesus Solano’s ‘Behavioral Biometrics And Context Analytics’
  • From The Archive: Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 105’
  • DEF CON 27, Artificial Intelligence Village – Angelo Oliveira’s ‘Fighting Malware With Deep Learning’
  • Adding Custom User Attributes with PowerShell
  • List all OS Versions for Your Fleet of Systems

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » How to Avoid Common Software Vulnerability Management Mistakes

How to Avoid Common Software Vulnerability Management Mistakes

by David Bisson on June 30, 2019

Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all attacks rely on vulnerabilities, while others still are under the false impression that all software patches will work without a hitch.

When held by digital security teams, these and other misconceptions can lead to mistakes in the vulnerability management process. Such errors, in turn, undermine organizations’ digital security posture more broadly. Provided below are three of the most common of these slip-ups.

Mistake #1: Not prioritizing risk properly

If there’s one thing that’s for sure in information security, it’s that there’s no shortage of known software vulnerabilities. Software providers rightfully respond to these flaws by routinely releasing dozens and dozens of patches in their security bulletins. For instance, Microsoft’s Patch Tuesday for June 2019 included fixes for a whopping 88 security vulnerabilities in the Windows operating system and related software. Meanwhile, Oracle Technology Network’s Critical Patch Update Advisory pushed out patches for 334 security flaws in July 2018 alone.

Given this number of vulnerabilities, organizations might feel inclined to fix as many vulnerabilities as possible. But this desire does not work in the favor of organizations’ digital security postures, as bad actors don’t develop exploit code for all vulnerabilities. In fact, a research study led by Kenna Security and the Cyentia Institute found that malefactors actively exploit less than two percent of vulnerabilities in the wild.

Kenna Security’s research finding reveals that digital attackers tend to craft exploit code for an extremely small percentage of known security holes. It, therefore, doesn’t make sense for organizations to treat all vulnerabilities the same. Nor is it (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/avoid-software-vulnerability-management-mistakes/

June 30, 2019July 1, 2019 David Bisson Vulnerability Management
  • ← Thirty-four Years – Networking and Software Development (Part 2)
  • US Cyber-Attack on Iran, Poor Government Cybersecurity, Malvertising Campaigns →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Companies Don’t Trust Themselves With Zero Trust
Now Is the Time to Focus on API Security
DISA Breach Could Impact 200,000, Says Trump’s IT Agency
Lesser-Known Social Engineering Tricks
Survey Confirms CISOs Stressed Out
Juice Jacking: How Hackers Can Steal Your Info When You Charge Devices
Scammers Use Fake Website to Masquerade as Burning Man Organizers
Insecure Direct Object Reference (IDOR) — Web-based Application Security, Part 6
Securing the real perimeter – part 1
Hackers Were Inside Citrix for Five Months

Upcoming Webinars

Tue 25

New Paradigms for the Next Era of Security

February 25 @ 1:00 pm - 2:00 pm
Mar 04

Shift Application Security Knowledge Left to Deliver Secure Code On Time

March 4 @ 11:00 am - 12:00 pm
Mar 09

Best Practices to Secure Containerized Apps with Next-Gen WAF

March 9 @ 1:00 pm - 2:00 pm
Mar 23

The State of Open Source Security

March 23 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Cloud Security: Keeping Serverless Data Safe

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Chernobyl and its Cyber Lessons, Part 2: Incident Response
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Chernobyl and its Cyber Lessons, Part 2: Incident Response

February 21, 2020 Simon Lacey | 2 days ago 0
Lesser-Known Social Engineering Tricks
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Lesser-Known Social Engineering Tricks

February 20, 2020 David Balaban | 3 days ago 0
Now Is the Time to Focus on API Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Now Is the Time to Focus on API Security

February 19, 2020 Doug Dooley | 4 days ago 0

Top Stories

DISA Breach Could Impact 200,000, Says Trump’s IT Agency
Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

DISA Breach Could Impact 200,000, Says Trump’s IT Agency

February 21, 2020 Richi Jennings | 2 days ago 0
Veritas Extends Reach of AI Compliance Tool
Cybersecurity Featured News Security Boulevard (Original) Spotlight Threat Intelligence 

Veritas Extends Reach of AI Compliance Tool

February 20, 2020 Michael Vizard | 3 days ago 0
Iran Backdoors ‘Dozens’ of Companies via VPN 1-Day Vulnerabilities
Cybersecurity Data Security Endpoint Featured Malware Network Security News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Iran Backdoors ‘Dozens’ of Companies via VPN 1-Day Vulnerabilities

February 17, 2020 Richi Jennings | Feb 17 0

Security Humor

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics .

From The Archive: Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 105’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.