Monday, June 13, 2016

FIRST 2016 - The Vulnerability Lifecycle

CERT/CC presented a workshop on coordinating vulnerability disclosure. Understanding the vulnerability life cycle helps when developing a corporate vulnerability management process.

Vulnerabilities live, those wee nasty things.
And all through their lives, oh, the mess that they bring!
First they're discovered through various methods,
Researchers probing and using their big heads
Or accidents happening by users at play
That leave them amazed or completely dismayed.
Once it's discovered, it's time for disclosure,
Which may cause a vendor to lose their composure.
This process requires so much c'ordination
Which reduces the impact and bad situations.
Before things are published, we look for a fix:
Remediation through patches or similar tricks.
Deploy out the changes and work toward removal
Of bugs or the process that earned disapproval.
Not much of a life! Vulns are no fun.
Though they seem to be smiling as they yell and they run.
