    The Importance of a Well-Run Vulnerability Disclosure Program

    Developing a systematic program to manage vulnerability disclosure and patching is an important component of any IT and cybersecurity professional’s skillset within the physical security industry. In this article, Hikvision provides details about the process to help you and your organization better handle vulnerabilities.


Vulnerabilities are the bugs, flaws, or weaknesses in applications, operating systems, and software components that threat actors can exploit. The threat landscape keeps growing in both complexity and attack surface. In 2022, over 25,000 new Common Vulnerabilities and Exposures (CVE) entries were published, and between January and April 2023 alone another 7,489 were added (Statista.com). Every PC, smartphone, and server runs an operating system and application software, and the growth of Internet of Things (IoT) devices such as IP video security cameras, smart thermostats, and smart appliances adds yet more software that has to be tracked and patched.


All of these systems run software that needs to be updated regularly as new vulnerabilities are discovered and patches are released by the software vendors. Some patches install automatically; others require the end user to install them manually, and many embedded and IoT devices fall into the second group. Even when you are fully up to date with patches, you are almost certainly still running software with vulnerabilities that nobody has found yet. This is why managing vulnerabilities is essential and should be an ongoing program within your organization rather than a one-off exercise.


    Basics of Vulnerability Management

The vulnerability disclosure side of a vulnerability management program has three basic steps:


1. Discover the vulnerability
2. Report it to the vendor
3. Coordinate public disclosure of the vulnerability with a patch


The process begins with the discovery of a vulnerability. Malicious threat actors (black hats) and ethical security researchers (white hats) are constantly looking for vulnerabilities in widely used software. Attackers seek to exploit them for personal or financial gain; ethical researchers seek to get them fixed. Typically, when a security researcher discovers a vulnerability in a product, they report it privately to the vendor that owns and maintains that product, with enough detail (affected versions, steps to reproduce) for the vendor to confirm it. The vendor then develops a fix, and the researcher and vendor work together to test that the patch actually closes the vulnerability without reintroducing it elsewhere. Once that is completed, the process moves to public disclosure.


    Public Disclosure of a Vulnerability

Proper disclosure of a vulnerability requires a responsible, coordinated approach. When an ethical security researcher and a software vendor work together, both parties hold off on informing the public until a working patch has been tested and is available for end users to download, so that threat actors are not handed a vulnerability they can exploit before a fix exists. The vendor and researcher agree on a formal disclosure date, at which point the vendor publishes an advisory that identifies the affected versions and links to the patch, and the researcher may publish their own write-up. In practice, many researcher and coordinator policies also set an outer deadline (90 days is a common figure) after which the finding is published even if no patch is ready, which is a strong incentive for vendors to respond promptly. Once the patch is released, the vulnerability is only mitigated on devices where end users actually install it, so the advisory should be pushed to customers and patch status tracked.


Before 1999 there was no common naming convention for vulnerabilities, so the same bug could be tracked under different names by different vendors and tools, which made patching confusing. In 1999 the MITRE Corporation remedied this by creating the CVE list, which assigns each publicly disclosed vulnerability a unique identifier of the form CVE-YYYY-NNNNN. This made life considerably easier for system administrators, and CVE is now the industry standard identifier for vulnerabilities and exposures.


In February 2020, Hikvision was designated a CVE Numbering Authority (CNA) by the MITRE Corporation for its vulnerability management program, which means Hikvision can assign CVE identifiers to vulnerabilities in its own products. The majority of Hikvision security camera end users have patched known vulnerabilities or do not expose their devices to the internet, which removes the most common route to successful remote exploitation.


    Roles and Responsibilities

    Everyone in the physical security industry has a responsibility in the cybersecurity and vulnerability disclosure process.


Software vendors and end-user organizations alike can work with internal teams or external resources to assess their risk and discover vulnerabilities, using scanning tools and databases such as the CVE list and the National Vulnerability Database (NVD). The Common Vulnerability Scoring System (CVSS) helps rank findings: each vulnerability receives a base score from 0.0 to 10.0 that maps to a qualitative severity of None (0.0), Low (0.1-3.9), Medium (4.0-6.9), High (7.0-8.9), or Critical (9.0-10.0). Note that the CVSS base score measures the severity of the vulnerability itself, not the risk to your organization; a High-rated flaw on a camera that is not reachable from the internet may be less urgent than a Medium-rated one on an exposed management interface, so combine the score with your own knowledge of exposure and whether an exploit is known to be in use.


Organization-wide mitigation requires all three parts of the process working together: discovering vulnerabilities, disclosing them responsibly, and deploying the resulting patches, as part of a robust cybersecurity risk strategy. Understanding the approach also helps you identify and lead better vulnerability responses in the future.


    To learn more, download a copy of Hikvision’s Vulnerability Management white paper
