Our Cybersecurity Mission

The Vulnerability Management Episode

KirkpatrickPrice Season 1 Episode 4

KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission 

Jeff Pochily’s background 

https://www.linkedin.com/in/jeffreypochily/ 

Vulnerability Databases 

https://nvd.nist.gov 

https://vuldb.com 

https://www.cve.org 

Open Bug Bounty Security Researchers 

https://www.openbugbounty.org/researchers/top/   

Recommended vulnerability management controls 

  • Documented vulnerability management policies and procedures 
  • Assignment of responsibility for vulnerability management to a qualified resource 
  • Vulnerability assessment during development 
  • Code reviews for secure coding compliance and software vulnerabilities 
  • Ranking security vulnerabilities by impact 
  • Documented asset inventory 
  • Documented inventory of bespoke and custom software, and third-party software components 
  • Consistent patch management process 
  • Subscription to vulnerability notification services 
  • Manual or automated application vulnerability assessment methods 
  • Consistent updates to container deployment tools and images 
  • Internal vulnerability scans 
  • External vulnerability scans 
  • Internal penetration testing 
  • External penetration testing 
  • Application penetration testing 
  • Consistent remediation process for scan and pen test findings 

KirkpatrickPrice scripts to check your systems 

https://github.com/orgs/kirkpatrickprice/repositories 

Cybersecurity & Infrastructure Security Agency 

https://www.cisa.gov/topics/cyber-threats-and-advisories 

 
