Monitoring for New Vulnerabilities

The study by Browne, Arbaugh, McHugh, and Fithen mentioned earlier concluded that after a patch is released, the number of attacks continues to rise at a measurable rate. The frequency of attacks does not follow a nice, safe bell curve; rather, it is on a linear track upward.

The reason is that the longer a patch (or vulnerability) has been public, the more hackers find out about it, and the more attempts are made against sites, with hackers using the vulnerability as a launching point for attacks. They gamble that you have not patched your gear, and they are usually right. Their attacks are very successful because of the sheer number of available targets. Remember, if you apply a patch, you have likely foiled the attacker's efforts to launch a successful attack against you.

Because new vulnerabilities are discovered every day by developers, researchers, and criminals, tracking and monitoring the vulnerabilities is important. This seemingly easy task can quickly become burdensome as the number of vulnerabilities you must keep up with increases.

Making a list of the developers' websites and other validated resources is the step to take here.

Sources of Information Regarding Patches

Literally hundreds of sources are available for patch and vulnerability information. As mentioned previously, keeping a list of the ones that matter to you is a best practice. The following is a short list to get you started:

  • The vendor of the software
  • The project ...
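As an added example (not code from the book), here is a small Python monitor that implements the practice described above: parse a vendor or project advisory feed, keep only the entries that apply to the software you actually run, and report only the entries you have not already seen on an earlier run. The feed XML, product names, versions, advisory ids and URLs are all constructed for illustration; a real deployment would fetch each feed on your list over HTTPS on a schedule and feed the text to the same functions.

```python
"""Minimal advisory-feed monitor (constructed example, not a real feed).

Loads an Atom feed of advisories, keeps entries that cover a product on the
watch list where the installed version is older than the fixed version, and
reports only ids not already recorded in a small JSON state file.
"""
import json
import os
import xml.etree.ElementTree as ET

ATOM_NS = {"atom": "http://www.w3.org/2005/Atom"}

# Constructed sample feed shaped like a typical project advisory Atom feed.
# Products, versions, ids and links are made up for this example.
SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Example CMS security advisories (constructed)</title>
  <entry>
    <id>urn:example:advisory:0001</id>
    <title>Example CMS core: access bypass, fixed in 4.2.1</title>
    <updated>2024-01-10T00:00:00Z</updated>
    <category term="example-cms"/>
    <link href="https://example.invalid/advisories/0001"/>
  </entry>
  <entry>
    <id>urn:example:advisory:0002</id>
    <title>Example Forum plugin: XSS, fixed in 1.9.3</title>
    <updated>2024-01-12T00:00:00Z</updated>
    <category term="example-forum-plugin"/>
    <link href="https://example.invalid/advisories/0002"/>
  </entry>
  <entry>
    <id>urn:example:advisory:0003</id>
    <title>Other Product: denial of service, fixed in 2.0.0</title>
    <updated>2024-01-13T00:00:00Z</updated>
    <category term="other-product"/>
    <link href="https://example.invalid/advisories/0003"/>
  </entry>
</feed>
"""

# What you actually run: product identifier -> installed version (constructed).
WATCHLIST = {"example-cms": "4.2.0", "example-forum-plugin": "1.9.3"}


def parse_version(v):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in v.split("."))


def fixed_version_from_title(title):
    """Pull 'fixed in X.Y.Z' out of an advisory title; None if it is not stated."""
    marker = "fixed in "
    idx = title.lower().find(marker)
    if idx == -1:
        return None
    return title[idx + len(marker):].strip().rstrip(".")


def parse_feed(xml_text):
    """Return one dict per <entry> in an Atom feed."""
    root = ET.fromstring(xml_text)
    entries = []
    for e in root.findall("atom:entry", ATOM_NS):
        link = e.find("atom:link", ATOM_NS)
        entries.append({
            "id": e.findtext("atom:id", namespaces=ATOM_NS),
            "title": e.findtext("atom:title", namespaces=ATOM_NS),
            "updated": e.findtext("atom:updated", namespaces=ATOM_NS),
            "products": [c.get("term") for c in e.findall("atom:category", ATOM_NS)],
            "link": link.get("href") if link is not None else None,
        })
    return entries


def relevant(entry, watchlist):
    """True if the advisory covers a watched product and our installed version
    is older than the fixed version (or no fixed version is stated)."""
    for product in entry["products"]:
        if product not in watchlist:
            continue
        fixed = fixed_version_from_title(entry["title"])
        if fixed is None:
            return True  # cannot tell from the title; surface it rather than drop it
        if parse_version(watchlist[product]) < parse_version(fixed):
            return True
    return False


def load_seen(path):
    """Ids reported on earlier runs; empty on first run."""
    if not os.path.exists(path):
        return set()
    with open(path) as f:
        return set(json.load(f))


def save_seen(path, seen):
    with open(path, "w") as f:
        json.dump(sorted(seen), f)


def new_relevant_advisories(xml_text, watchlist, seen):
    """Relevant entries not yet in `seen`; only reported ids are added to `seen`,
    so advisories for a product added to the watch list later still surface."""
    new = []
    for entry in parse_feed(xml_text):
        if entry["id"] not in seen and relevant(entry, watchlist):
            new.append(entry)
            seen.add(entry["id"])
    return new


if __name__ == "__main__":
    state_file = "seen_advisories.json"
    seen_ids = load_seen(state_file)
    for adv in new_relevant_advisories(SAMPLE_FEED, WATCHLIST, seen_ids):
        print(f"NEW {adv['updated']} {adv['title']} {adv['link']}")
    save_seen(state_file, seen_ids)
```

On the constructed feed only the first advisory is reported: the forum plugin is already at its fixed version and the third product is not on the watch list. Running it a second time with the same state file reports nothing, which is the point of the seen-id file: the burden of tracking many sources stays manageable because each run shows only what changed.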

Source: CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® (O’Reilly).