lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALv8orF7Sx6aVEO8F=KythtknfMF6pAZMxe3rYJ+d41w9a1zmA@mail.gmail.com> Date: Thu, 3 Sep 2020 20:14:19 +0530 From: Pramod Rana <varchashva@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Open Source Tool | vPrioritization | Risk Prioritization Framework It is no secret that today we have more vulnerabilities than we can assess and remediate, timely and comprehensively. Risk prioritization is a key component for any vulnerability management program. Implementing a good risk prioritization framework is easier said than done because of the variable nature of risk. I am glad to introduce vPrioritizer, a small step towards effective risk prioritization. vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerability/ties) they should remediate (or can afford not to) and on which (asset/s). To overcome above challenges, vPrioritizer is designed with primary objectives as below: - *Centralized* - must serve as single-pane-of-glass for vulnerability management - *Automated* - any and every task which can be automated, must be automated - *Community Analytics *- utilization of community analytics to mature the prioritization algorithm over the period of time *References: 1. GitHub: https://github.com/varchashva/vPrioritizer <https://github.com/varchashva/vPrioritizer> 2. For more details: https://medium.com/@rana.miet/learn-to-say-no-to-almost-every-vulnerability-intro-to-vprioritizer-9b2aa15369a1 <https://medium.com/@rana.miet/learn-to-say-no-to-almost-every-vulnerability-intro-to-vprioritizer-9b2aa15369a1>3. Demo: https://youtu.be/P9IDpfJDoxI <https://youtu.be/P9IDpfJDoxI>* _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists