Blog
Topic
All
Products and technologies
Business trends
Cybersecurity
Cybersecurity
Awards
ColorVu
Events
NVR
Access control
Solution
Industry News
Company News
Product Announcement
Videos
Case Studies
Search blog
Blog
Filter
Cancel
All
Products and technologies
Business trends
Cybersecurity
Cybersecurity
Awards
ColorVu
Events
NVR
Access control
Solution
Industry News
Company News
Product Announcement
Videos
Case Studies
Reset
Submit

Managing Cybersecurity Risks and Vulnerabilities from Discovery to Disclosure

Download the New Hikvision White Paper to Better Understand Vulnerabilities

Annual conventions like DEF CON and Black Hat allow cybersecurity specialists and engineers from a wide range of backgrounds to learn from industry leaders and experts to hone their skills in managing and assessing risks at every stage of the vulnerability management process. As we discussed in our vulnerabilities white paper, understanding the various stages of the vulnerability lifecycle is critical for software vendors and security researchers who want to deliver safe and secure software for end users.

How are Vulnerabilities Discovered?

 

Vulnerabilities are discovered through many different avenues—both internally by developers who write software and externally by third parties who intentionally look for vulnerabilities in software. Internally, software companies and technology vendors will conduct security testing during software development before putting software into production and making it available to the public. Externally, good-faith security researchers and malicious threat actors constantly look for vulnerabilities in popular software. Some vendors even have bug bounty programs where they award researchers for discovering and disclosing vulnerabilities to them.

 

 

How are Vulnerabilities Disclosed?

 

The main goal of disclosing vulnerabilities is to reduce the risk of end users’ systems becoming compromised by a threat actor who exploits an unpatched vulnerability. Typically, companies and security researchers follow a coordinated vulnerability disclosure process where both entities wait until the vulnerability has a working patch assigned to it that mitigates further interference from threat actors. Once a patch is ready, the vendor will release the patch alongside a statement that a vulnerability was discovered and that a patch has been released. After a vulnerability has been formally patched, the vulnerability will be logged into the Common Vulnerabilities and Exposures Database (CVE). 

 

 

How are Vulnerabilities Managed?

 

For organizations to adequately protect themselves, they must implement a comprehensive risk-based vulnerability management process. While large organizations are able to hire staff expressly for discovering and patching vulnerabilities, a small organization with limited resources can benefit from an established process that thoroughly assesses risks and prioritizes patching and mitigation based on the level of risk. 

 

 

Cybersecurity is an ever-evolving challenge and experts must keep up to date with best practices. Events like Black Hat and DEF CON, and insights from our vulnerability white paper, play an important role in helping cybersecurity professionals keep current on how to best protect data and systems.

 

 

Download your copy of the report here, “Understanding Vulnerabilities: Insights Into the World of Software Vulnerabilities and Vulnerability Management.”

 

 

 Visit our online Cybersecurity Center to explore additional resources.

Cybersecurity

Subscribe to newsletter

Subscribe to our email newsletter to get the latest, trending content from Hikvision

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

 

Contact Us
back to top

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.