What is Vulnerability Discovery?
August 24, 2021 • RBS
Vulnerability discovery is the process of researching a piece of computer software or hardware to evaluate for the presence of vulnerabilities.
This process is the foundation of vulnerability intelligence (VI) and arguably its most important component, because it dictates the effectiveness of your Vulnerability Management Program (VMP). You can only analyze the vulnerabilities you are aware of; how can you mitigate or remediate risks that you don't even know are there?
What are the Components of Vulnerability Discovery?
Vulnerability discovery begins before your daily workflow; this is the stage where researchers discover and publish vulnerabilities so that vulnerability databases can then aggregate and build upon those disclosures.
In order for your vulnerability intelligence to be effective, it needs to monitor as many unique channels as possible. The vulnerability discovery process can be broken into two steps:
- Vulnerability Sources
- Vulnerability Monitoring
If you want comprehensive vulnerability intelligence, you need to identify as many vulnerability sources as you can. Vulnerabilities are disclosed through a wide variety of mediums, including mailing lists, blogs, GitHub, and more.
Tens of thousands of new vulnerabilities have been disclosed since the early 2000s. In the past, organizations could rely on mailing lists and vendor security advisories to fuel their VMPs, but those days are over. Why? Because there is no single common source to which all vulnerabilities are reported, and that includes CVE/NVD.
Even though many organizations and security tools rely heavily on CVE/NVD, it is not the most comprehensive source of vulnerability intelligence. At this time, CVE/NVD struggles to identify vulnerability sources and is missing over 86,000 vulnerabilities.
Vulnerabilities published on platforms like social media, the deep web, and researcher blogs can slip through the cracks if they are never reported to CVE. The following shows the recent number of vulnerabilities broken down by vulnerability aggregation method:
It is vital that organizations aggregate as many vulnerabilities as they can so they know which issues to focus on. The more sources you identify, the more comprehensive your intelligence becomes, which leads to better outcomes.
Vulnerability monitoring is the act of keeping tabs on a wide variety of sources that produce vulnerability disclosures. This process includes identifying new disclosures, determining if the information is valid, normalizing the data, adding metadata, and including it in a vulnerability intelligence feed.
This can be a real challenge: vulnerabilities are disclosed every hour of every day, all year, and new sources appear daily. To make things even more difficult, a single source can sometimes contain thousands of newly disclosed vulnerabilities.
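The monitoring steps above (ingest from several source formats, normalize, deduplicate, attach source metadata, and flag what never received a CVE ID) as an added example; this is illustrative code written for this page, not RBS tooling, and the three disclosure formats and all vendor, product and CVE values are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample disclosures from three heterogeneous sources (not real data;
# the field layouts are assumptions about what such sources might look like).
ADVISORY = {"cve": "CVE-0000-00001", "vendor": "ExampleCo", "product": "WidgetServer",
            "fixed_in": "2.4.1", "summary": "Auth bypass in login handler"}
LIST_SUBJECT = "[Full-Disclosure] WidgetServer < 2.4.1 authentication bypass (vendor: ExampleCo)"
BLOG = {"title": "Path traversal in GadgetCMS file download", "vendor": "GadgetCo",
        "product": "GadgetCMS", "affected": "1.0"}

@dataclass
class Record:
    vendor: str
    product: str
    version: str                 # fixed or affected version, part of the dedup key
    title: str
    cve: Optional[str] = None    # None when no CVE ID is known for the issue
    sources: list = field(default_factory=list)   # metadata: where it was seen

def norm(s):
    """Case- and whitespace-insensitive form used for matching across sources."""
    return " ".join(s.lower().split())

def from_advisory(a):
    return Record(a["vendor"], a["product"], a["fixed_in"], a["summary"], a["cve"], ["vendor-advisory"])

def from_list_subject(subj):
    # Parse a "[list] Product < fixed title (vendor: X)" subject; None if it does not match.
    m = re.search(r"\]\s*(\S+)\s*<\s*([\d.]+)\s+(.+?)\s*\(vendor:\s*([^)]+)\)", subj)
    if not m:
        return None
    product, fixed, title, vendor = m.groups()
    return Record(vendor, product, fixed, title, None, ["mailing-list"])

def from_blog(b):
    return Record(b["vendor"], b["product"], b["affected"], b["title"], None, ["researcher-blog"])

def aggregate(records):
    """Merge records describing the same issue; keep every source and any CVE ID seen."""
    feed = {}
    for r in records:
        if r is None:
            continue
        key = (norm(r.vendor), norm(r.product), r.version)
        if key in feed:
            feed[key].sources += r.sources
            feed[key].cve = feed[key].cve or r.cve
        else:
            feed[key] = r
    return list(feed.values())

def missing_cve(feed):
    """Issues the feed knows about that CVE/NVD would not show you."""
    return [r for r in feed if r.cve is None]
```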
That being said, which sources, and how many of them, are you aware of and actively monitoring?