YOU ARE DOWNLOADING DOCUMENT

The Patch Factory - Global Infrastructure for Managing ... · who test their own products & systems osure initial discl bug bountyprograms conference briefings/ presentations cisa/csd.

Category:

Documents

The Patch Factory - Global Infrastructure for Managing ... · who test their own products & systems osure initial discl bug bountyprograms conference briefings/ presentations cisa/csd.

Please tick the box to continue:

Transcript
Page 1: The Patch Factory - Global Infrastructure for Managing ... · who test their own products & systems osure initial discl bug bountyprograms conference briefings/ presentations cisa/csd.

GTHE

lobal Infrastructure PA

fTor Managing CyberCH FA

security CT

VulnerORY

abilities

Y DIS

COVE

RYVU

LNER

ABIL

IT BAD GUYSMalicious actors using thevulnerability “in the wild”

3rd PARTY BUG HUNTERS/RESEARCHERSPrivate security consultants, testers, and researchers

DHS RESEARCHSecurity testing and research performed or sponsored by DHS

IN-HOUSE RESEARCH& TESTINGSecurity testers and researchers who test their own products & systems

OSUR

EIN

ITIA

L DIS

CL

BUG BOUNTYPROGRAMS

CONFERENCEBRIEFINGS/PRESENTATIONS

CISA/CSD

MAILING LISTS/SOCIAL MEDIA

COMPUTER SECURITYINCIDENT RESPONSETEAMS (CSIRTs)

PRODUCT SECURITYINCIDENT RESPONSETEAMS (PSIRTs)

CVE NUMBERINGAUTHORITIES

SOFTWAREENGINEERINGINSTITUTE

MITRE CVE

TION

AAL

YSIS

AND

COO

RDIN

AN

CVE ID ASSIGNMENTEach vulnerability is assigned a unique ID number per the CVE Counting Rules

COORDINATIONReaching out to contact networks and trusted communities

TRIAGE & VALIDATIONIs this a real vulnerability? Are the discoverer’s claims accurate?

ASSESSING SEVERITYA Common Vulnerability Severity Score (CVSS) is calculated for each vulnerability. Other factors may also come into play, such as how widespread the vulnerability is and what types of impacts might be caused if the vulnerability is exploited (or if exploitation is already occurring).

DISCLOSURE & PUBLISHINGThe vulnerability is made public, usually at the same time as a software update to fix the issue. The MITRE CVE and NIST NVD entries are created and updated as more references and data become available.

POST-DISCLOSURE COORDINATIONAfter publication, other potentially affected vendors may come forward to provide of request additional info, expanding the contact network

TION

PHA

SERE

MED

IA PATCHES/UPDATESand published Advisories

SIMPLE FIXESe.g., local bugs in

websites or web services

SCANNING SIGNATURESto find vulnerable systems

INTRUSION SIGNATURESto detect exploit attempts

COUNTERMEASURESor other Mitigations

(Not everything can or will be patched, so other countermeasures are sometimes

necessary to prevent exploitation) These processes are relied upon by software makers, cybersecurity teams, and system administrators all over the world

cisa.gov

Related Documents
31st Annual J.P. Morgan Healthcare Conference...BAY94-9343 Bayer Healthcare Mesothelin (ADC) Cancer BI – 1 BI not discl. not discl. CNTO3157 Janssen/J&J not discl. Asthma CNTO –
31st Annual J.P. Morgan Healthcare Conference...BAY94-9343.....
Category: Documents
Visual 5.1 Briefings Version 2.0 Unit 5: Briefings.
Visual 5.1 Briefings Version 2.0 Unit 5: Briefings.
Category: Documents
Siebel Briefings Administration Guide - Oracle · Siebel Briefings Administration Guide Version 8.1/8.2 3 Contents Siebel Briefings Administration Guide 1 Chapter 1: What’s New
Siebel Briefings Administration Guide - Oracle · Siebel...
Category: Documents
Weather briefings
Weather briefings
Category: Presentations & Public Speaking
Construction Briefings - Rogers Joseph O'Donnell · Construction Briefings / August 2004 2 Construction Briefings West, a Thomson business, has created this publication to provide
Construction Briefings - Rogers Joseph O'Donnell ·...
Category: Documents
Exp osure-Resilien - New York Universitydodis/ps/phd-thesis.pdfExp osure-Resilien t Cryptograph y b y Y evgeniy Do dis Submitted to the Departmen t of Electrical Engineering and Computer
Exp osure-Resilien - New York...
Category: Documents
Insurance Day Business Briefings...2018/05/16  · Insurance Day Business Briefings The Insurance Day Business Briefings bring together industry thought leaders in marketing leading
Insurance Day Business Briefings...2018/05/16  · Insurance...
Category: Documents
TechNet MSDN Briefings Najaar 2004 TechNet MSDN Briefings Najaar 2004.
TechNet MSDN Briefings Najaar 2004 TechNet MSDN Briefings...
Category: Documents
SETLabs Briefings SOA
SETLabs Briefings SOA
Category: Documents
Intelligence Briefings (Final)
Intelligence Briefings (Final)
Category: Documents
NUT REPS BRIEFINGS
NUT REPS BRIEFINGS
Category: Documents
SAP:%Session(Fixation ... - Black Hat Briefings€¦ · SAP:%Session(Fixation ... - Black Hat Briefings ... Cookie: ...
SAP:%Session(Fixation ... - Black Hat Briefings€¦ ·...
Category: Documents
³SPANSION DISCL AIM E R: A A - keilpack.azureedge.net · DISCL AIM E R: T he use of the deliverables (deliverables shall include, but not limited to, software, application examples,
³SPANSION DISCL AIM E R: A A - keilpack.azureedge.net ·.....
Category: Documents
Wr430gb00b Bmp Cat Discl Eng
Wr430gb00b Bmp Cat Discl Eng
Category: Documents
Broadview Discl Statement
Broadview Discl Statement
Category: Documents
Special Double Issue: This issue of AirTAP Briefings ...airtap.umn.edu/publications/briefings/2019/... · Special Double Issue: This issue of AirTAP Briefings features highlights
Special Double Issue: This issue of AirTAP Briefings...
Category: Documents
Strategy Briefings · 2019. 12. 11. · Leader Briefings: • SHR Management Team • HR Managers • Deputies • The Governor’s Office • HR Practitioners Strategy Briefings:
Strategy Briefings · 2019. 12. 11. · Leader Briefings:.....
Category: Documents
Maternal seafood diet, methylmercury exp osure, and ...
Maternal seafood diet, methylmercury exp osure, and ...
Category: Documents
Briefings Location
Briefings Location
Category: Documents
wikilks discl fenster
wikilks discl fenster
Category: Documents
Apollo Briefings
Apollo Briefings
Category: Documents
Four Campus PHS-NIH Summary Disclosure Discl Form and Guidelines 3-13-12€¦ · 11/10/2012  · Title: Microsoft Word - Four Campus PHS-NIH Summary Disclosure Discl Form and Guidelines
Four Campus PHS-NIH Summary Disclosure Discl Form and...
Category: Documents
Black Hat Briefings
Black Hat Briefings
Category: Documents
Market Briefings - mitchamprivate.com.au
Market Briefings - mitchamprivate.com.au
Category: Documents
CW9Z66 Briefings
CW9Z66 Briefings
Category: Documents
Briefings Revista
Briefings Revista
Category: Documents
FF management briefings
FF management briefings
Category: Business
Workshop iii george osure
Workshop iii george osure
Category: Business
Bromley Briefings Prison Factfile - Prison Reform Trust Briefings... · Bromley Briefings Prison Factfile Autumn 2017 These ‘Bromley Briefings’ are produced in memory of Keith
Bromley Briefings Prison Factfile - Prison Reform Trust...
Category: Documents
DHS Provider Briefings€¦ · DHS Provider Briefings Thursday 6/25/20. THIS CALL IS BEING RECORDED. Provider Briefings are now held. weekly, on. Thursdays.
DHS Provider Briefings€¦ · DHS Provider Briefings...
Category: Documents