Vulnerability Management—An Important Aspect to Get Right (S13b)
Vulnerability management and remediation procedures are an essential part of software development. The trend is to focus on processes rather than on specific products. So shouldn’t we see the same trend here, focusing on procedures rather than on the reporting of individual flaws? What is the benefit of reporting and tracking actual flaws instead of focusing on the processes? May reporting and tracking of vulnerabilities be seen as a threat to users and vendors? Will one size fit all? What about dual use of products and vulnerability disclosure policies? This presentation discusses not only the importance, but also the benefits and drawbacks, of some of these aspects when assessing vulnerability management and remediation procedures.