Best Practices for Managing Software Vulnerabilities

Best Practices for Managing Software Vulnerabilities

By: Chris Roth, Security Engineer, MAD Security | January 24, 2019   Software vulnerabilities provide one of the biggest attack vectors into an organization. New security flaws are constantly being discovered, making defending against them an ongoing struggle to keep our organizations safe. The good news is that there are best practices that help mitigate the risks associated with them. Two of the most significant practices include patch and vulnerability management. While these may seem simple on the surface, software vulnerabilities are frequently our main point of entry during security assessments. A well implemented patch and vulnerability management program can remediate and detect patch-related vulnerabilities before an attacker is given a chance to abuse them. Below we will step through the basic components of what a successful patch and vulnerability management program should encompass.   Patch Management   What is patch management?  It may seem like a silly question, but patch management encompasses much more than just “applying patches” and is a continuous set of tasks that have the overall goal of preventing the exploitation of vulnerabilities. At a high level, this is done by applying security related updates to remove attack vectors exposed by poor coding or through incorrect implementation of the software.  There are a number of steps that are needed to ensure that patching is successful across your infrastructure.  These steps can be broken down to the major categories of: hardware inventory, software inventory, patch testing, and patch deployment. Each of these has been broken out below and explained in more detail to help gain a better understanding of how it is accomplished, as well as...