Leadership Brief

Prepare and Protect against Software Vulnerabilities

All software contains vulnerabilities that can be exploited by adversaries to attack the IT systems and data that organizations depend upon. It is essential that organizations have a vulnerability management process as part of their overall IT risk management to identify and control these. This leadership brief describes the vulnerability management process that organizations should implement.

Mike Small

sm@kuppingercole.com

1 Executive Summary

All software contains vulnerabilities that can be exploited by adversaries to attack the IT systems and data that organizations depend upon. It is essential that organizations have a vulnerability management process as part of their overall IT risk management to identify and control these.

A software vulnerability may result from a coding error or from other factors, such as a design flaw or an insecure configuration, that an attacker can exploit to obtain unexpected and unwanted behaviour. Examples include a failure to validate user input that lets a malicious actor read data they should not be able to see (SQL injection) and weaknesses that allow remote execution of attacker-supplied code on the affected systems (as in the recent Log4Shell exploit, CVE-2021-44228 in Apache Log4j).

Since late 2020, software supply chain attacks have risen to the top of the cybersecurity agenda. Two major incidents, affecting the software vendors SolarWinds (the Orion platform, December 2020) and Kaseya (the VSA platform, July 2021), resulted in malicious code being delivered to those vendors' customers through the trusted software itself. By compromising COTS (commercial off the shelf) software, the attackers multiplied the reach of a single intrusion and gained access to thousands of downstream organizations.

This leadership brief describes the vulnerability management process that an organization should implement to:

  • Prevent the introduction of vulnerabilities.
  • Identify existing vulnerabilities and monitor the discovery of new ones.
  • Assess the impact of these on the business systems.
  • Implement the appropriate response in a timely manner.
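The "identify" and "assess" steps of the process above, as an added example that is not part of the original brief: a component inventory is matched against advisories by affected version range, and each hit is scored so that the response can be ordered. The inventory hosts and the exposure weighting are constructed for the demonstration; the advisory entry uses the real CVE-2021-44228 identifier and CVSS score, with its affected range simplified to plain numeric versions.

```python
from dataclasses import dataclass

def parse_version(text):
    # "2.14.1" -> (2, 14, 1); pad to three components so "2.0" == "2.0.0"
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

@dataclass
class Advisory:
    cve: str
    package: str
    first_affected: str   # inclusive
    fixed_in: str         # exclusive
    severity: float       # CVSS base score

@dataclass
class Asset:
    host: str
    package: str
    version: str
    internet_facing: bool

def affected(asset, adv):
    # An asset is affected if it runs the advisory's package in the affected range.
    if asset.package != adv.package:
        return False
    v = parse_version(asset.version)
    return parse_version(adv.first_affected) <= v < parse_version(adv.fixed_in)

def find_exposures(assets, advisories):
    # Returns (host, cve, version, priority), highest priority first.
    # Priority weighting (+2.0 for internet-facing hosts) is a constructed example policy.
    hits = []
    for asset in assets:
        for adv in advisories:
            if affected(asset, adv):
                priority = adv.severity + (2.0 if asset.internet_facing else 0.0)
                hits.append((asset.host, adv.cve, asset.version, priority))
    hits.sort(key=lambda h: h[3], reverse=True)
    return hits

# Constructed sample advisory feed (range simplified: 2.0 up to, not including, 2.15.0).
SAMPLE_ADVISORIES = [
    Advisory("CVE-2021-44228", "log4j-core", "2.0", "2.15.0", 10.0),
]

# Constructed sample inventory.
SAMPLE_ASSETS = [
    Asset("web-01", "log4j-core", "2.14.1", True),
    Asset("batch-07", "log4j-core", "2.14.1", False),
    Asset("web-02", "log4j-core", "2.17.1", True),
    Asset("db-03", "openssl", "1.1.1", False),
]

if __name__ == "__main__":
    for host, cve, version, priority in find_exposures(SAMPLE_ASSETS, SAMPLE_ADVISORIES):
        print(f"{host:10} {cve} {version:8} priority={priority}")
```

In practice the inventory comes from a software bill of materials or an asset database and the advisory feed from a vulnerability database; the point of the example is that identification is a version-range match and assessment is that match weighted by the asset's exposure, which is what lets the response be prioritised.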
