Over 5,000 vulnerabilities make their way to headlines every year. The number will continue to grow, considering that the publicly disclosed vulnerabilities encourage the hackers in their devious acts.

If the computer code fails to patch vulnerabilities, it can lead to loss of data that can cost more than what your organization can pay for. Below is a patch management survival guide that, if followed closely, will reduce the risk of data breach and other cyber crimes. 

Automated vulnerability remediation helps organizations build and implement a risk-focused, contextual and effective vulnerability management program. Therefore, this will help them decide on the effective vulnerability remediation approach based on assets, security patches and security updates across common vulnerabilities.

"The day when Microsoft releases updates for their software to improve security."

What is...Patch Tuesday

Similar to how software bugs are triaged for a severity level, so too are security vulnerabilities as they need to be assessed for impact and risk, which aids in vulnerability management. The forum of Incident Response and Security Teams (FIRST) is an international organization of trusted security scientists and computer researchers that have received the task of creating best practices and tools for incident responses teams, as well as standardizing security methodologies and policies.
One of FIRST’s initiatives is the Special Interest Group (SIG) that is responsible for developing and maintaining the Common Vulnerability Scoring System (CVSS) specification to assist the security team to understand and prioritize the severity of a security vulnerability. 

CVE and CVSS are some of the most commonly misunderstood features of patching. In this article, we will explore the differences and showcase how they can affect your patching technique. Although many IT managers are familiar with these terms CVE and CVSS, some IT professionals still don’t understand the difference between them. CVE and CVSS are synonymous with software vulnerabilities, patching and operating systems. 

In October of 2019, a flaw was found in sudo, a core command utility that is an integral part of all Linux distributions. This vulnerability allows Linux users to gain access as a root (admin) user and run commands that would otherwise be restricted to them. With a low level of difficulty for exploitation and a CVSS score of 7.8, this sudo flaw is the real deal.

So lately people have been asking me: what is this thing you are working on at Vicarius and why are you folks standing out from all the other cyber security vendors out there?