THE PATCH FACTORY: Global Infrastructure for Managing Cybersecurity Vulnerabilities

VULNERABILITY DISCOVERY

BAD GUYS: Malicious actors using the vulnerability "in the wild"
3rd PARTY BUG HUNTERS/RESEARCHERS: Private security consultants, testers, and researchers
DHS RESEARCH: Security testing and research performed or sponsored by DHS
IN-HOUSE RESEARCH & TESTING: Security testers and researchers who test their own products & systems

INITIAL DISCLOSURE

BUG BOUNTY PROGRAMS
CONFERENCE BRIEFINGS/PRESENTATIONS
CISA/CSD
MAILING LISTS/SOCIAL MEDIA
COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRTs)
PRODUCT SECURITY INCIDENT RESPONSE TEAMS (PSIRTs)
CVE NUMBERING AUTHORITIES
SOFTWARE ENGINEERING INSTITUTE
MITRE CVE

ANALYSIS AND COORDINATION

CVE ID ASSIGNMENT: Each vulnerability is assigned a unique ID number per the CVE Counting Rules.
COORDINATION: Reaching out to contact networks and trusted communities.
TRIAGE & VALIDATION: Is this a real vulnerability? Are the discoverer's claims accurate?
ASSESSING SEVERITY: A Common Vulnerability Severity Score (CVSS) is calculated for each vulnerability. Other factors may also come into play, such as how widespread the vulnerability is and what types of impacts might be caused if the vulnerability is exploited (or if exploitation is already occurring).
DISCLOSURE & PUBLISHING: The vulnerability is made public, usually at the same time as a software update to fix the issue. The MITRE CVE and NIST NVD entries are created and updated as more references and data become available.
POST-DISCLOSURE COORDINATION: After publication, other potentially affected vendors may come forward to provide or request additional info, expanding the contact network.

REMEDIATION PHASE

PATCHES/UPDATES and published Advisories
SIMPLE FIXES, e.g., local bugs in websites or web services
SCANNING SIGNATURES to find vulnerable systems
INTRUSION SIGNATURES to detect exploit attempts
COUNTERMEASURES or other Mitigations (Not everything can or will be patched, so other countermeasures are sometimes necessary to prevent exploitation)

These processes are relied upon by software makers, cybersecurity teams, and system administrators all over the world.

cisa.gov


Jul 31, 2020
