
Software Vulnerability Management Needs to Take Place Over Entire Lifecycle

July 29, 2016

Vulnerability scans and assessments are powerful tools for pinpointing weaknesses in technology infrastructure. Organizations run into trouble only when they rely solely on vulnerability assessment (VA) tools to remediate what those tools find, and that over-reliance is an increasingly widespread problem.

A recent blog post from Flexera Software, a company specializing in software optimization and vulnerability management, highlights the inconsistencies found in many VA tools. According to Marcelo Pereira, product marketing manager for Flexera, VA tools have typically evolved from a risk assessment model that is too often outdated. This is becoming a growing concern, and Flexera believes a revolution is needed within the VA market to address current problems and risks.

“Organizations need to change the way they see vulnerability management and probably start looking at other existing forms of vulnerability assessment outside the market for VA tools,” wrote Pereira. Flexera suggests that organizations augment their existing VA tools to take a more comprehensive approach to risk and vulnerability assessment and management.

Flexera recommends taking a high-level view of all infrastructure and systems in use in an organization, including every software product and service and its many installed versions. With that inventory in hand, companies can make practical and efficient decisions about which products to patch and how to go about it, and establish a quick and reliable way to configure and deploy those patches. What it comes down to is using resources more efficiently to achieve better security results.
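As an added illustration of the inventory-driven approach described above (example code written for this page, not Flexera's or Secunia's), the script below matches an asset inventory against advisories that carry affected version ranges, ranks what to patch first, and collapses the result into a per-package deployment plan. The product names, advisory identifiers, version ranges, hosts and the exposure weighting are all assumed and constructed for the example.

```python
"""Inventory-driven patch prioritization (added example; hypothetical data)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted numeric version into a comparable tuple, so "2.4.10" > "2.4.9".
    Assumption: versions are purely numeric; real inventories need a scheme-aware parser."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Install:
    host: str
    product: str
    version: str
    exposed: bool  # reachable from untrusted networks


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    affected_from: str   # inclusive lower bound of affected versions
    affected_below: str  # exclusive upper bound; also the first fixed version
    severity: float      # CVSS-style base score, 0.0 to 10.0


# Constructed sample data: hypothetical products and advisory IDs, not real vulnerabilities.
INVENTORY = [
    Install("web-01", "acme-webserver", "2.4.20", True),
    Install("web-02", "acme-webserver", "2.4.23", True),
    Install("db-01", "acme-db", "9.5.3", False),
    Install("build-01", "acme-webserver", "2.4.10", False),
]
ADVISORIES = [
    Advisory("ADV-2016-001", "acme-webserver", "2.4.0", "2.4.23", 7.5),
    Advisory("ADV-2016-002", "acme-db", "9.5.0", "9.5.4", 9.8),
    Advisory("ADV-2016-003", "acme-webserver", "2.4.15", "2.4.21", 5.3),
]


def is_affected(install: Install, advisory: Advisory) -> bool:
    """True when the installed version falls inside the advisory's affected range."""
    if install.product != advisory.product:
        return False
    v = parse_version(install.version)
    return parse_version(advisory.affected_from) <= v < parse_version(advisory.affected_below)


def prioritize(inventory: List[Install], advisories: List[Advisory]) -> List[dict]:
    """Match every install against every advisory and rank the findings by severity,
    doubled for internet-exposed hosts (an assumed weighting; adjust to your risk model)."""
    findings = []
    for inst in inventory:
        for adv in advisories:
            if is_affected(inst, adv):
                score = adv.severity * (2.0 if inst.exposed else 1.0)
                findings.append({
                    "host": inst.host, "product": inst.product,
                    "installed": inst.version, "advisory": adv.advisory_id,
                    "fix": adv.affected_below, "score": score,
                })
    findings.sort(key=lambda f: (-f["score"], f["host"], f["advisory"]))
    return findings


def patch_plan(findings: List[dict]) -> Dict[Tuple[str, str], List[str]]:
    """Collapse findings into one upgrade per host and product (assumes the highest fix
    version also closes the lower ones), then group hosts by the package to roll out."""
    target: Dict[Tuple[str, str], str] = {}
    for f in findings:
        key = (f["host"], f["product"])
        if key not in target or parse_version(f["fix"]) > parse_version(target[key]):
            target[key] = f["fix"]
    plan: Dict[Tuple[str, str], List[str]] = {}
    for (host, product), fix in target.items():
        plan.setdefault((product, fix), []).append(host)
    for hosts in plan.values():
        hosts.sort()
    return plan


if __name__ == "__main__":
    ranked = prioritize(INVENTORY, ADVISORIES)
    for f in ranked:
        print(f"{f['score']:5.1f}  {f['host']:9} {f['product']} {f['installed']} -> {f['fix']}  ({f['advisory']})")
    for (product, fix), hosts in patch_plan(ranked).items():
        print(f"deploy {product} {fix} to {', '.join(hosts)}")
```

The ranking puts the exposed web host ahead of the more severe but internal database finding, and the plan sends one package version to every host that needs it rather than one ticket per advisory; web-02, already at the fixed version, is not touched.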

The company refers to this process as the software vulnerability management lifecycle, and tackles it by offering software vulnerability management solutions. Flexera has teamed up with Secunia Research, which consists of security specialists who test, verify and validate public vulnerability reports while also conducting their own independent vulnerability research. The team researches high-profile closed source and open source software, focusing on code audits and binary analysis as well as other areas. They have been responsible for finding critical vulnerabilities in software from Microsoft, Apple, Symantec, IBM, Adobe and CA, among other major vendors.

There is certainly an important place for VA tools within the enterprise. But by taking a high-level and comprehensive approach to software vulnerability management, companies can head off the inconsistencies and risks too often inherent in VA solutions and shore up weak areas before problems arise.

Edited by Maurice Nagle