Vulnerabilities are not equivalent to defects. Although security development methods such as SDL can minimize product security vulnerabilities, security vulnerabilities will still exist due to the widespread use of open-source software, increasing exposure surfaces, and continuous evolution of threat posture.
The industry generally believes that the existence of software vulnerabilities is inevitable.
What is a Vulnerability?
A “vulnerability” is a fault that is exposed to possible exploitation. Although many security practices exist to reduce vulnerabilities, the common industry understanding is that vulnerabilities are almost inevitable.
What can a Vulnerability do?
A threat that can take advantage of a vulnerability can also induce a chain of events that results in adverse consequences for an organization. Vulnerabilities discovered at the wrong time by the wrong people can also lead to compliance consequences.
How to deal with Vulnerabilities?
Enterprises need to establish a vulnerability management (VM) process cycle for finding, assessing, remediating, and mitigating security vulnerabilities.
The vulnerability management industry consensus is: “Security vulnerabilities are a shared responsibility of the industry chain, and solving them requires collaboration.”
Huawei Vulnerability Management: 1 Objective, 5 Principles, 3 Steps, and 5 Key Activities.
1 Objective: Reduce the harm caused by vulnerabilities and mitigate risks on the customer’s live network.
5 Principles: Harm and risk reduction, Vulnerability reduction & mitigation, Proactive management, Continuous improvement, and Openness and collaboration.
3 Steps: Manage upstream (open source/third-party); manage yourself well by developing products that are sufficiently secure and sustaining security throughout the life cycle; and serve downstream (customer/tenant).
5 Activities: Vulnerability Awareness, Vulnerability Validation, Vulnerability Remediation, Vulnerability Disclosure, and Remediation Deployment.
“Reduce harm and risk” is our consistent vulnerability management principle. Huawei will always be your trusted partner.
This report is from Huawei Uganda CSPO Mr. Kevin.