Vulnerability Primer Flashcards
Responsible disclosure
A kind of ethical disclosure: making enough information known so that informed decisions can be made, while not releasing details that could be useful to an adversary.
Zero-day
A kind of vulnerability - a flaw in hardware or software that has been discovered but for which a fix is not yet available. A zero-day attack weaponizes such a discovered vulnerability. There is no time (zero days) between the vulnerability becoming known to developers and its exploitation by adversaries.
Exploit
The process of taking advantage of a vulnerability.
Window of vulnerability
The time from when an exploit first becomes active to when the number of vulnerable systems shrinks to an insignificant number.
Vulnerability
A weakness in hardware, software, people or processes. A vulnerability in and of itself doesn't pose a real or imminent danger. Rather, a vulnerability is the gateway to an exploit until a patch is ready.
Window of opportunity
The time on a zero-day when hackers take advantage of the vulnerability before developers have an opportunity to address it.
Ethical disclosure
The practice of publishing information related to a vulnerability or finding. Its purpose is to inform others of potential risks so they can make informed decisions and take appropriate action. There are two kinds of ethical disclosure: full disclosure and responsible disclosure.
Full disclosure
A kind of ethical disclosure: making all details public without regard to the additional harm that may be caused to others, including exploitation by adversaries.
Vulnerability management
The process of identifying, assessing, reporting on, prioritizing and mitigating vulnerabilities. The goal is to reduce the risk of security breaches and minimize the potential impact of any vulnerability identified. It is an ongoing process with continuous monitoring and updating.
Patch
Software and operating system updates that address security vulnerabilities within a product or program.