Vulnerability Primer Flashcards

1
Q

Responsible disclosure

A

A kind of ethical disclosure: making enough information known so that informed decisions can be made, while not releasing details that could be useful to an adversary.

2
Q

Zero-day

A

This is a kind of vulnerability: a flaw in hardware or software that has been discovered but for which a fix is not yet available. This method weaponizes a discovered vulnerability. There is NO time known when the vulnerability is known to developers and when it is exploited by adversaries.

3
Q

Exploit

A

The process of taking advantage of a vulnerability.

4
Q

Window of vulnerability

A

The time from when an exploit first becomes active to when the number of vulnerable systems shrinks to an insignificant number.

5
Q

Vulnerability

A

A weakness in hardware, software, people or processes. A vulnerability in and of itself doesn’t pose a real or imminent danger. Rather, a vulnerability is the gateway to an exploit - one patch is ready

6
Q

Windows of opportunity

A

This is the time on a zero-day when hackers take advantage of the vulnerability before developers have the opportunity to address it.

7
Q

Ethical disclosure

A

The practice of publishing information related to a vulnerability or finding. The purpose is to inform others of potential risks so they can make informed decisions to take appropriate action. There are 2 kinds of ethical disclosure: full disclosure and responsible disclosure.

8
Q

Full disclosure

A

A kind of ethical disclosure: making all details public without regard to additional harm that may be caused to others, including exploitation by adversaries.

9
Q

Vulnerability management

A

The process of identifying, assessing, reporting on, prioritizing and mitigating vulnerabilities. The goal is to reduce the risk of security breaches and minimize the potential impact of any vulnerability identified. It is an ongoing process with continuous monitoring and updating.

10
Q

Patch

A

Software and operating system updates that address security vulnerabilities within a product or program.
