Responding to vulnerabilities


Finding vulnerabilities is only part of a security professional's job; the other important component is remediation. This latter process focuses on fixing current vulnerabilities and collecting data for future prevention. Once a vulnerability is identified and confirmed, it must be prioritized and remediated quickly. Speed is essential to reduce the window of opportunity that threat actors have to launch attacks. In addition, once a vulnerability is mitigated, it is useful to analyze its cause to prevent it from recurring in the future.

Tasks in this latter process include:

  • gathering customer information and thoroughly reviewing and testing the code for any undiscovered flaws;
  • preparing a team, a plan, and processes to quickly respond to vulnerabilities and mitigate them;
  • creating and implementing a remediation plan for each identified vulnerability;
  • determining the root cause of each vulnerability to build a knowledge base for future prevention.

In addition, root causes should be analyzed over time to identify patterns. Once a pattern is recognized, it can be looked for and corrected in other software as well. Finally, the entire SDLC can be updated periodically to eliminate similar problems in future releases.

Example:

  • Create a vulnerability reporting and response program;
  • Leverage automation to effectively monitor vulnerability data and perform automated code analysis;
  • Measure the impact of each vulnerability and the resources required to address it, and prioritize remediation accordingly;
  • Identify and document the root causes of vulnerabilities, improve the tools for automatic future detection, and implement appropriate adjustments to the SSDF.