Blog
Topic
All
Products and technologies
Business trends
Cybersecurity
Cybersecurity
Awards
AI
ColorVu
Events
NVR
Access control
Solution
Software
Industry News
Company News
Product Announcement
Videos
Case Studies
Search blog
Blog
Filter
Cancel
Topic
All
Products and technologies
Business trends
Cybersecurity
Cybersecurity
Awards
AI
ColorVu
Events
NVR
Access control
Solution
Software
Industry News
Company News
Product Announcement
Videos
Case Studies
Reset
Submit

Managing Cybersecurity Risks and Vulnerabilities from Discovery to Disclosure 

Download New Hikvision White Paper for Insights to Understand Vulnerabilities

As a slate of hackathons and cybersecurity conventions including Black Hat and DEF CON kicked off in early August, hackers and cybersecurity specialists descended upon Las Vegas to workshop and discuss the latest developments in threats and methods to safeguard data. Conventions like DEF CON and Black Hat allow cybersecurity specialists and engineers from a wide range of backgrounds to learn from industry leaders and experts to hone their skills in managing and assessing risks at every stage of the vulnerability management process. As we discussed in our most recent white paper, understanding the various stages of the vulnerability lifecycle is critical for software vendors and security researchers who want to deliver safe and secure software for end users.

How are vulnerabilities discovered?

Vulnerabilities are discovered through many different avenues—both internally by developers who write software and externally by third parties who intentionally look for vulnerabilities in software. Internally, software companies and technology vendors will conduct security testing during software development before putting software into production and making it available to the public. Externally, good-faith security researchers and malicious threat actors constantly look for vulnerabilities in popular software. Some vendors even have bug bounty programs where they award researchers for discovering and disclosing vulnerabilities to them.

How are vulnerabilities disclosed?

The main goal of disclosing vulnerabilities is to reduce the risk of end users’ systems becoming compromised by a threat actor who exploits an unpatched vulnerability. Typically, companies and security researchers follow a coordinated vulnerability disclosure process where both entities wait until the vulnerability has a working patch assigned to it that mitigates further interference from threat actors. Once a patch is ready, the vendor will release the patch alongside a statement that a vulnerability was discovered and that a patch has been released. After a vulnerability has been formally patched, the vulnerability will be logged into the Common Vulnerabilities and Exposures Database (CVE). 

How are vulnerabilities managed?

Many vendors are turning to contract workers to assist with the growing number of vulnerabilities discovered and patches released every month due to the constant pressure to manage vulnerabilities in a timely manner. This also expands vendor resources to better safeguard their own systems.

For organizations to adequately protect themselves, they must implement a comprehensive risk-based vulnerability management process. While large organizations are able to hire staff expressly for discovering and patching vulnerabilities, a small organization with limited resources can benefit from an established process that thoroughly assesses risks and prioritizes patching and mitigation based on the level of risk. 

Cybersecurity is an ever-evolving challenge and experts must keep up to date with best practices. Events like Black Hat and DEF CON, and insights from our vulnerability white paper, play an important role in helping cybersecurity professionals keep current on how to best protect data and systems.

Subscribe to newsletter

Subscribe to our email newsletter to get the latest, trending content from Hikvision

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

 

Contact Us

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.