Hedgehog Security

Should we fix all of the vulnerabilities that are reported?

July 24th, 2022

You should evaluate all of the vulnerabilities using a risk-based model first. Each vulnerability should be evaluated for business impact and probability of being exploited to ultimately assign a risk rating. Companies should have risk criteria defined in order to determine thresholds for remediation. Vulnerabilities above the threshold should be remediated or appropriately compensated for in order to bring them

How do we validate vulnerabilities have been remediated?

July 24th, 2022

Validating that vulnerabilities have been remediated can be performed using a variety of methods, either in-house or through external independent verification testing. Some organizations prefer to track remediation in-house and possess the resources to independently validate successful remediation; however, most seek independent validation and should have a remediation verification test performed. This is why it is critical
