[Figure 2.4: Vulnerability management process and technologies.]
Figure 2.4 depicts this broad view of vulnerability management, the various technologies that come into play, and the overall process.
2.7.1 Why are there so many vulnerabilities?
It is important to understand what causes vulnerabilities. This will help you avoid vulnerabilities in your code and environments. Based on a taxonomy created by the Gartner Group, software vulnerabilities fall into two broad classes with two subcategories in each:

1. Software defects. Software defects are built into the code during development and include design flaws and coding mistakes. Gartner estimates that 35% of successful attacks exploit these types of errors.

   Design flaws involve design decisions that create an inherently insecure system.

   Coding errors include both bugs and features that were put in not by design but through oversight (as a result of developers not thinking of all potential consequences). Coding errors include buffer overflows, race conditions, back doors into systems, and even nonrandom random-number generators.