Vulnerability management

Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with vulnerability assessment.

Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD or vendor-specific security updates, or by subscribing to a commercial vulnerability alerting service. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing. Fuzz testing can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).

Correcting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.

Project vulnerability management

Project vulnerability is the project's susceptibility to being subject to negative events, the analysis of their impact, and the project's capability to cope with negative events. Based on Systems Thinking, project systemic vulnerability management takes a holistic vision, and proposes the following process:

1. Project vulnerability identification
2. Vulnerability analysis
3. Vulnerability response planning
4. Vulnerability controlling – which includes implementation, monitoring, control, and lessons learned

Coping with negative events is done, in this model, through:

- resistance – the static aspect, referring to the capacity to withstand instantaneous damage, and
- resilience – the dynamic aspect, referring to the capacity to recover in time.

Redundancy is a specific method to increase resistance and resilience in vulnerability management.

Antifragility is a concept introduced by Nassim Nicholas Taleb to describe the capacity of systems to not only resist or recover from adverse events, but also to improve because of them. Antifragility is similar to the concept of positive complexity proposed by Stefan Morcov.

See also

- Application security
- Full disclosure
- IT risk
- Long-term support
- Project management
- Project complexity
- Risk management

External links

- "Implementing a Vulnerability Management Process". SANS Institute.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.