The Surprising Complexity of Finding Known Vulnerabilities

20. March 2024

IT security professionals need an efficient and reliable solution for identifying known vulnerabilities in a software product, given its name and version.

Our colleagues at usd HeroLab place high demands on such a solution. They evaluated several available solutions to arrive at the conclusion that not one of them sufficiently meet their requirements. Core challenges in this area include different names for the same product, complex version numbers and data timeliness. As a consequence, they have started developing their own tool: search_vulns.

Learn more about the challenges of finding known vulnerabilities and the requirements corresponding solutions should meet in our LabNews.

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories