When a software vulnerability becomes publicly known, Secunia Research investigates it and either rejects or verifies it. Once verified, the vulnerability is given a criticality rating and described in full. The description includes details about attack vectors, impact and recommended mitigating actions – available patches or possible workarounds.
The verified intelligence is then sent to our customers through our Software Vulnerability Management solutions: Vulnerability Intelligence Manager, Corporate Software Inspector and Personal Software Inspector.
Once you’ve identified and qualified the threat, the next step is mitigation – applying remediation or a workaround to deflect the threat. Supported by the assessment activities, classification and filters, the team responsible for mitigation can prioritize their resources and focus on the issues posing the most imminent threat to your organization.
Secunia Research always delivers information on possible solutions to the specific vulnerabilities. And for some mitigation activities, such as security patch management, dedicated technology can further support efficiency by providing the tools and content which can ensure patches are deployed effectively.
The final step is verification. For different areas of the organization, different verification methods can be applied. These can be ticketing systems, scanners or reports.
Regardless of which method you choose, this step is critical, first of all to ensure that mitigation is performed successfully, but also to enable visibility, transparency and accountability within your organization.
The entire lifecycle needs to be underpinned by tools to support workflows and reporting. These tools must be flexible and able to be customized for use within your organization.
Flexibility is critical because every organization has its own processes and infrastructure, and needs to adhere to different sets of policies and regulations.
By continuously repeating the steps in the lifecycle, you consistently reduce the attack surface for hackers and cybercriminals, and thereby reduce risk dramatically.
Software Vulnerability Manager Research facilitates effective reduction of the attack surface for cybercriminals, providing access to verified intelligence from Secunia Research at Flexera, covering all applications and systems across all platforms. It drives prioritization by handling intelligence, workflows, tickets and alerts, and describes the steps to mitigate the risk of costly breaches.
FlexNet Code Insight empowers organizations to take control of and manage use of open source software (OSS) and third-party components. It helps development, legal and security teams use automation to create a formal OSS strategy and policy that balances business benefits and risk management.