Reverted 1 edit by 2806:102E:1E:2BA0:F540:49F5:E405:3D87 (talk): Non constructive edit Tags: Twinkle Undo Mobile edit Mobile web edit Advanced mobile edit |
Citation bot (talk | contribs) Altered title. Add: authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Abductive | Category:Articles containing potentially dated statements from November 2024 | #UCB_Category 130/960 |
Line 5:
Despite intentions to achieve complete correctness, virtually all hardware and software contains bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it is called a vulnerability. Insecure [[software development]] practices as well as design factors such as complexity can increase the burden of vulnerabilities. There are different types most common in different components such as hardware, operating systems, and applications.
[[Vulnerability management]] is a process that includes identifying systems and prioritizing which are most important, scanning for vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation (fixing the vulnerability), mitigation (increasing the difficulty or reducing the danger of exploits), and accepting risks that are not economical or practical to eliminate. Vulnerabilities can be scored for risk according to the [[Common Vulnerability Scoring System]] or other systems, and added to vulnerability databases. {{as of| November 2024}}, there are more than 240,000 vulnerabilities<ref>{{cite web |url=https://www.cve.org/About/Metrics |title=CVE - Program Metrics |date=15 November 2024
Line 102:
===Vulnerability inventory===
The most commonly used vulnerability dataset is [[Common Vulnerabilities and Exposures]] (CVE), maintained by [[Mitre Corporation]].{{sfn |Strout |2023|p=6}} {{As of |November 2024}}, it has over 240,000 entries <ref>{{cite web |url=https://www.cve.org/About/Metrics |title=CVE - Program Metrics |date=15 November 2024
==Liability ==
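Review bot: the cve.org Program Metrics source on the {{As of |November 2024}} line in "Vulnerability inventory" is written out as a full {{cite web}} here and again in the lead paragraph, so any title or author change has to be applied to both copies and they can drift apart. Consider defining the citation once with a ref name and reusing it in the second place. There is also a stray space between "entries" and the opening <ref> tag on this line; the lead has the tag directly after the word.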
Line 112:
{{refbegin|indent=yes}}
*{{cite book |last1=Ablon |first1=Lillian |last2=Bogart |first2=Andy |title=Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits |date=2017 |publisher=Rand Corporation |isbn=978-0-8330-9761-3 |language=en|url=https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf}}
* {{cite journal |
*{{cite book |last1=Daswani |first1=Neil|authorlink=Neil Daswani |last2=Elbayadi |first2=Moudy |title=Big Breaches: Cybersecurity Lessons for Everyone |date=2021 |publisher=Apress |isbn=978-1-4842-6654-0}}
*{{cite book |last1=Garg |first1=Shivi |last2=Baliyan |first2=Niyati |title=Mobile OS Vulnerabilities: Quantitative and Qualitative Analysis |date=2023 |publisher=CRC Press |isbn=978-1-000-92451-0 |language=en}}
*{{cite book |last1=Haber |first1=Morey J. |last2=Hibbert |first2=Brad |title=Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations |date=2018 |publisher=Apress |isbn=978-1-4842-3627-7 |language=en}}
*{{cite book |last1=Libicki |first1=Martin C. |last2=Ablon |first2=Lillian |last3=Webb |first3=Tim|url=https://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf |title=The
*{{cite book |last1=Linkov |first1=Igor |last2=Kott |first2=Alexander |title=Cyber Resilience of Systems and Networks |date=2019 |publisher=Springer International Publishing |isbn=978-3-319-77492-3 |pages=1–25 |language=en |chapter=Fundamental Concepts of Cyber Resilience: Introduction and Overview}}
*{{cite book |last1=Magnusson |first1=Andrew |title=Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk |date=2020 |publisher=No Starch Press |isbn=978-1-59327-989-9 |language=en}}
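Review bot: the {{cite journal}} entry in this reference list starts with "* {{" (asterisk, then a space), while every {{cite book}} entry around it starts with "*{{". Suggest matching the spacing of the neighbouring entries so the list source stays uniform and later diffs on this block stay clean.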