By Dan Cornell
There is a lot of focus in the security industry on finding vulnerabilities, so you see a lot of material out there about penetration testing, fuzzing, static analysis and so on. That is all well and good, but with so much focus placed on finding vulnerabilities, a lot of organizations forget about the need to actually fix them. We do a lot of software security remediation work at Denim Group, and we're trying to start making more of the lessons we've learned publicly available to make it easier for organizations to fix the vulnerabilities they find in their software. This is the first in a series of blog posts about a framework we've created for software security remediation projects. You can find more in-depth information available in the we put together on the subject.
You can read the full HOWTO Guide for Software Security Vulnerability Remediation here:
As we have posted previously, there is . We are hoping that if organizations have a structure for their remediation projects, as well as data-backed estimates for the level of effort involved, it will be easier to secure budget for these important initiatives. We'll be following up with more in-depth information on the different steps in the remediation process, as well as some tips on practices we have found to be successful.
dan _at_ denimgroup.com