The Importance of a Well-Run Vulnerability Disclosure Program, Part 1

Developing a systematic program to manage vulnerability disclosure and patching is an important part of any IT and cybersecurity professional's skillset within the physical security industry. In this post, we walk through the basic components of a vulnerability management program.

Vulnerabilities are the bugs, flaws or weaknesses in applications, operating systems and software components that can be exploited by threat actors. The threat landscape keeps growing in both complexity and attack surface. In 2020, more than 20,000 vulnerabilities were publicly disclosed, which averages out to roughly 55 new vulnerabilities every single day. Every PC, smartphone and server runs an operating system and a stack of application software, each of which can carry its own flaws, and the growth of Internet of Things (IoT) devices such as IP video security cameras, smart thermostats and smart appliances adds still more software to the list.

All of these computing systems run software that needs to be updated regularly as new vulnerabilities are discovered and patches are released by the software vendors. Some patches are installed automatically, while others require the end user to install them manually. Even when you are fully up to date with patches, you are almost certainly still running software with vulnerabilities that simply have not been discovered or disclosed yet. This is why managing vulnerabilities is essential, and why it should be an ongoing program within your organization rather than a one-time exercise.

Basics of Vulnerability Management

The basic structure of a vulnerability management program includes these three elements:

  1. Discover the vulnerability
  2. Report it to the vendor
  3. Coordinate public disclosure of the vulnerability with a patch

The process begins with the discovery of a vulnerability. Malicious threat actors and ethical security researchers are both constantly looking for vulnerabilities in popular software. Malicious actors seek to exploit these vulnerabilities for personal and financial gain; ethical researchers seek to have them fixed. Typically, when a security researcher discovers a vulnerability in a product, they alert the vendor who owns and maintains that product. The researcher then works with the vendor to reproduce and confirm the vulnerability, the vendor develops a patch that mitigates it, and the fix is tested to ensure that the patch actually closes the vulnerability without introducing regressions. Once that is complete, the process moves into the public disclosure component.

Check back next week when we’ll discuss the public disclosure process in more detail on the HikWire blog.

You can also download a copy of our Vulnerabilities white paper here.
