Vulnerability management is the "cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities", especially in software and firmware. Vulnerability management is integral to computer security and network security.
A potential way to find vulnerabilities is to employ a vulnerability scanner. This is a computer program that analyzes the software of a computer system in search of previously identified vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware.
A vulnerability scanner cannot necessarily identify an undocumented vulnerability, such as one exploited in a zero-day attack, because it only matches against what is already known. However, penetration tests and fuzz testing with relevant test cases can identify certain kinds of previously unknown vulnerabilities, such as a buffer overflow. Such analyses can be facilitated by test automation.
Correcting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software (such as a firewall), or educating users about social engineering.
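The identify, classify, remediate/mitigate cycle described above, as an added example that is not part of the original article: a minimal scanner matches an asset inventory against an advisory database, ranks the findings by severity, and chooses a patch where one exists and a mitigation otherwise. The advisory IDs, components, versions and hosts are all constructed for illustration; note that the component with no advisory is never flagged, which is exactly the scanner limitation the text describes.

```python
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed advisory database (hypothetical IDs). A component is affected when
# introduced <= installed <= last_affected; fixed_in None means no patch exists yet.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "component": "webserver", "introduced": "2.0.0",
     "last_affected": "2.4.8", "severity": "high", "fixed_in": "2.4.9",
     "mitigation": "disable the vulnerable module"},
    {"id": "ADV-EXAMPLE-2", "component": "imagelib", "introduced": "1.0.0",
     "last_affected": "1.2.5", "severity": "medium", "fixed_in": None,
     "mitigation": "reject untrusted image uploads at the reverse proxy"},
]

# Constructed asset inventory: (host, component, installed version).
INVENTORY = [
    ("web01", "webserver", "2.4.3"),
    ("app01", "webserver", "2.4.9"),
    ("app01", "imagelib", "1.2.0"),
    ("db01", "dbengine", "9.1.0"),  # no advisory exists: a scanner cannot flag it
]

def parse_version(v):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, advisory):
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v <= parse_version(advisory["last_affected"])

def identify(inventory, advisories=ADVISORIES):
    """Identify step: match every installed component against the known advisories."""
    return [
        {"host": host, "component": comp, "version": ver, "advisory": adv}
        for host, comp, ver in inventory
        for adv in advisories
        if adv["component"] == comp and is_affected(ver, adv)
    ]

def classify(findings):
    """Classify step: order findings most severe first so triage works the top down."""
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["advisory"]["severity"]])

def plan_action(finding):
    """Remediate (patch) when a fixed version exists, otherwise apply the mitigation."""
    adv = finding["advisory"]
    if adv["fixed_in"]:
        return f"remediate: upgrade {adv['component']} to {adv['fixed_in']} on {finding['host']}"
    return f"mitigate: {adv['mitigation']} on {finding['host']}"

def run_cycle(inventory=INVENTORY, advisories=ADVISORIES):
    """One pass of the cycle; in practice this is re-run as new advisories appear."""
    return [plan_action(f) for f in classify(identify(inventory, advisories))]
```

Re-running `run_cycle()` after adding an advisory for `dbengine` would surface `db01`, which is why the practice is cyclical rather than a one-off scan.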