Windows of Vulnerability

This chapter discusses the basic concepts of network vulnerability. The complications surrounding vulnerability management create what is known as a Window of Vulnerability. There are two types of Windows of Vulnerability: (1) the Unknown Window of Vulnerability, the time from when a vulnerability is discovered to when the system is patched, and (2) the Known Window of Vulnerability, the time from when a vendor releases a patch to when the system is patched. Calculating the Unknown Window of Vulnerability is valuable when planning mitigation strategies. Regardless of how a vulnerability becomes public, it poses a risk to an organization. The amount of risk the vulnerability presents depends on a number of factors, such as the vendor's risk rating, the number of affected systems within the organization, the criticality of those affected systems, and the exposure the affected systems present to the organization. The Common Vulnerability Scoring System (CVSS) is an alternate, vendor-agnostic, open standard for scoring vulnerabilities. CVSS is an attempt to solve the problem of multiple vendors each having their own scoring system, which can cause confusion for IT security professionals trying to understand multiple systems.
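As an added illustration (not part of the chapter's own material), the following Python computes both windows for a constructed inventory and ranks the still-open items by the four risk factors the chapter lists. The record fields, the placeholder identifiers, the sample dates and the multiplicative weighting are all assumptions made for the example, not a standard.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class VulnRecord:
    vuln_id: str                    # placeholder label, not a real CVE identifier
    discovered: date                # when the vulnerability became known
    patch_released: Optional[date]  # vendor patch date; None if no patch exists yet
    patched: Optional[date]         # when our systems were patched; None if still open
    vendor_rating: int              # vendor risk rating, 1 (low) .. 4 (critical)
    affected_systems: int           # count of affected systems in the organization
    criticality: int                # 1 (low) .. 3 (mission critical)
    exposure: int                   # 1 (internal only) .. 3 (internet facing)


def unknown_window(v: VulnRecord, today: date) -> int:
    """Days from discovery to patching; still counting (up to today) if unpatched."""
    end = v.patched or today
    return (end - v.discovered).days


def known_window(v: VulnRecord, today: date) -> Optional[int]:
    """Days from vendor patch release to patching; None when no vendor patch exists."""
    if v.patch_released is None:
        return None
    end = v.patched or today
    return max(0, (end - v.patch_released).days)


def risk_score(v: VulnRecord) -> int:
    """Illustrative weighting (an assumption): product of the chapter's four factors."""
    return v.vendor_rating * v.criticality * v.exposure * v.affected_systems


def prioritise(records, today: date):
    """Open (unpatched) records as (id, score, unknown_days, known_days), highest risk first."""
    rows = [(v.vuln_id, risk_score(v), unknown_window(v, today), known_window(v, today))
            for v in records if v.patched is None]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample data: one closed item, one waiting on us, one with no vendor patch yet.
SAMPLE = [
    VulnRecord("VULN-A", date(2024, 1, 10), date(2024, 1, 20), date(2024, 2, 1), 4, 50, 3, 3),
    VulnRecord("VULN-B", date(2024, 2, 1), date(2024, 2, 15), None, 3, 200, 2, 1),
    VulnRecord("VULN-C", date(2024, 3, 1), None, None, 4, 5, 3, 3),
]
TODAY = date(2024, 3, 15)

if __name__ == "__main__":
    for row in prioritise(SAMPLE, TODAY):
        print(row)
```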