Responding to Critical Software Vulnerabilities
New software vulnerabilities are discovered all the time, and each gives cyber adversaries an opportunity to disrupt your business. When a new vulnerability affects a widely used common component, the risk increases and organizations need to implement a rapid response. This leadership brief describes the steps an organization needs to take to respond to newly discovered critical software vulnerabilities.
1 Executive Summary
The software that supports today's organizations is large and complex, comprising many interrelated components that come from different sources. This makes sense because it is more efficient to reuse common, regularly used functions than to recreate them every time they are needed. Some of these components may come from software vendors, some may be part of standard infrastructure like operating systems and libraries, and some may be open source. Whatever their source, all these components may contain hidden vulnerabilities. The challenge for organizations is how best to respond when one of these vulnerabilities is discovered.
A recent example is Log4Shell, a critical vulnerability discovered in Log4j, a logging tool that is widely used across the world. Cyber adversaries exploit these kinds of vulnerabilities to attack organizations with ransomware, to steal intellectual property and personal data, and to fraudulently obtain money and payments.