The Best Damn IT Security Management Book Period

Part 1: From Vulnerability to Patch

Chapters List

Chapter 1: Windows of Vulnerability
Chapter 2: Vulnerability Assessment 101
Chapter 3: Vulnerability Assessment Tools
Chapter 4: Vulnerability Assessment: Step One
Chapter 5: Vulnerability Assessment: Step Two
Chapter 6: Going Further
Chapter 7: Vulnerability Management
Chapter 8: Vulnerability Management Tools
Chapter 9: Vulnerability and Configuration Management
Chapter 10: Regulatory Compliance
Chapter 11: Tying It All Together

Introduction

This chapter will address vulnerabilities and why they are important. It also discusses a concept known as Windows of Vulnerability, and shows how to determine the risk a given vulnerability poses to your environment.

What Are Vulnerabilities?

So, what are vulnerabilities? In the past, many people considered a vulnerability to be a software or hardware bug that a malicious individual could exploit. Over the years, however, the definition of vulnerability has evolved into a software or hardware bug or misconfiguration that a malicious individual can exploit. Patch management, configuration management, and security management all evolved from single disciplines, often competing with each other, into one IT problem known today as vulnerability management.

Note

Throughout this book, we will reference vulnerabilities by their CVE numbers. CVE stands for Common Vulnerabilities and Exposures, and a list of CVE numbers was created several years ago to help standardize vulnerability naming. Before this list was compiled, vendors called vulnerabilities by whatever names they came up with, making vulnerability tracking difficult and confusing. The CVE created a list of all vulnerabilities and assigned each one a CVE ID in the format CVE-year-number. Vendors...
