Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Securing More Vulnerabilities By Patching Less
Newest First  |  Oldest First  |  Threaded View
Peter Fretty
50%
50%
Peter Fretty,
User Rank: Moderator
10/15/2013 | 4:01:08 PM
re: Securing More Vulnerabilities By Patching Less
Unfortunately, patching every known vulnerabilities one at a time is almost impossible. It's time for better development practices in the first place with a sincere focus on developing highly secure software rather than relying on patches to fix issues over time. As the industry works towards this goal, organizations need to embrace next generation firewalls (i.e. Sophos UTM) with granular monitoring capabilities in order to stay ahead of the ever evolving threat landscape.

Peter Fretty
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
10/4/2013 | 10:56:48 AM
re: Securing More Vulnerabilities By Patching Less
Indeed, it is extremely important that companies focus not just on fixing known vulnerabilities, but closing potential attack vectors too. Also, it is important to develop a software vulnerability management system that will allow prioritizing vulnerabilities. Often times, there are more vulnerabilities to be fixed than time to fix them. Hence, a vulnerability classification and a prioritization framework will help you determine which you should address first. I would like to further recommend the following article for anyone interested in this topic http://blog.securityinnovation...


Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18654
PUBLISHED: 2021-06-22
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
CVE-2020-22168
PUBLISHED: 2021-06-22
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22169
PUBLISHED: 2021-06-22
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22170
PUBLISHED: 2021-06-22
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
CVE-2020-22171
PUBLISHED: 2021-06-22
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.