Vulnerabilities
A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity or availability.
Vulnerabilities come from software and operating systems
Who finds them?
- DevSecOps Engineers
- Security Researchers
- Pentesters
- Software Developers
- Users, by accident?
CVE
CVE (Common Vulnerabilities and Exposures). This is maintained by MITRE.
The US Department of Homeland Security maintains oversight of the CVE program
NIST maintains the National Vulnerability Database
CVE-2021-44228 (Log4j)
The National Vulnerability Database and CVE are 2 different websites
Not all vulnerabilities are computer code
Scope, impact and usefulness all come down to business needs
Some risk management has to do with hiring, acquisitions and firing
Risk Management includes vulnerability management
To access Nessus: https://localhost:8834/#/