This article needs additional citations for verification. (June 2013) (Learn how and when to remove this template message)
Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with Vulnerability assessment.[promotional source?]
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting service such as Symantec's DeepSight Vulnerability Datafeed[promotional source?] or Accenture's Vulnerability Intelligence Service.[promotional source?] Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).
- Foreman, P: Vulnerability Management, page 1. Taylor & Francis Group, 2010. ISBN 978-1-4398-0150-5
- "Vulnerability Assessments vs. Vulnerability Management". Hitachi Systems Security | Managed Security Services Provider. 2018-02-19. Retrieved 2018-08-04.
- Anna-Maija Juuso and Ari Takanen Unknown Vulnerability Management, Codenomicon whitepaper, October 2010 .
- "DeepSight Technical Intelligence | Symantec". www.symantec.com. Retrieved 2018-12-05.
- www.accenture.com (PDF) https://www.accenture.com/t20170721T105740Z__w__/us-en/_acnmedia/PDF-57/Accenture-IDefense-Vulnerability-Intelligence.pdf. Retrieved 2018-12-05. Missing or empty
- "Implementing a Vulnerability Management Process". SANS Institute.