Dark Reading's Vulnerability Management Tech Center is your portal to all the news, product information, best practices, and other data related to detecting and remediating security vulnerabilities.  Written for those who must find and fix enterprise security vulnerabilities, the Vulnerability Management Tech Center is your guide to the latest tools and techniques for preventing security breaches, as well as best practices for responding to new vulnerability discoveries.

Breaking News

Flaw In Microsoft's Hypervisor Lets Attackers Bypass DEP, ASLR
Virtual PC hypervisor bug and proof-of-concept revealed by Core Security Technologies -- but Microsoft says it's not technically a vulnerability

Only One In Seven Consumer AV Tools Catch New 'Aurora' Variants
NSS Labs says its new test shows emphasis on antivirus exploit detection flawed, but others disagree

Security Pros Say Apps Are Vulnerable -- And Constantly Attacked
Survey of RSA attendees says enterprise apps are tested hundreds of times a day

More Stories:

• New IE Zero-Day Flaw Being Used In Targeted Attacks
• Ford Motor Rolls Out New Security Features To Prevent Car-Hacking
• At RSA, Some Security Pros Don't Practice What They Preach
• State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test
• IBM Report: Number Of New Vulnerabilities Declined In 2009
• Attackers Improving Their Aim Against Top Brands, Study Says
• Researchers: Rootkits Work Nicely On Smartphones, Thank You

MORE NEWS >>>

By The Numbers

In a recent study, Verizon Business' forensics unit compared its own breach data against the breach data reported to the DataLoss DB organization. While the DataLoss DB data initially showed a higher percentage of internal breaches, most of those leaks were caused by physical theft or loss of computer systems. When the physical losses are eliminated from the data (DataLossDB-MOD), both reports show that internal breaches are relatively rare.

Blog

Along with the usual security alerts covering the March bulletins from Microsoft and various content management systems flaws, US CERT published an unusual security alert about a product from Energizer, the battery company.

read more >

Vulnerability Management Reports

Compliance 101: Creating a Strong Vulnerability Management Strategy
Assessing new threats is only the first step in finding and shoring up weak spots in your defenses. Most infosec groups must also factor in a broader audit of compliance with regulatory standards such as HIPAA and PCI. In this Dark Reading Tech Center report, we outline best practices for compliance-oriented vulnerability management; discuss helpful technologies; and address the process of mapping compliance requirements to vulnerability detection and remediation.

Ground Zero: Building a Layered Defense Against Unknown Threats
The moment a malicious hacker or digital criminal exploits an unreported, unpatched flaw, the countdown to chaos begins. Here's how to employ a defense in depth strategy to make it through those critical first days relatively unscathed. The process isn't painless, but there are some key steps that may help you speed the effort to get your infrastructure back to normal.

Assessing the Danger: How IT Can Ace Vulnerability Management
Finding the flaws in your operating systems and applications is only the beginning. You then need to plot a path to security and ensure that no new weaknesses find their way onto your network. In this Dark Reading Analytics report, we offer some step-by-step recommendations on how to do that. First up: an overview of the problem.

Vulnerability Management Newsfeed

• Trend Micro Introduces Hosted Email Security 2.0
• AirMagnet Enterprise Protects Against Latest Wi-Fi Security Exploits, Vulnerabilities
• Crossbeam Names New CEO
• Startup DayZero Systems Comes Out Of Stealth Mode
• McAfee Launches Vulnerability Detection And Response Group
• U.S. Department of Homeland Security Announces Cybersecurity Campaign Challenge

MORE NEWSFEED >>