An automated framework for managing security vulnerabilities
Abstract
Purpose
This paper aims to look at unpatched software which represents a significant problem for internet‐based systems, with a myriad malware incidents and hacker exploits taking advantage of vulnerable targets. Unfortunately, vulnerability management is a non‐trivial task, and is complicated by an increasing number of vulnerabilities and the workload implications associated with handling the associated security advisories and updates.
Design/methodology/approach
As a step towards addressing the problem, this paper presents an automated framework that is designed to provide a vendor‐independent means of vulnerability notification and rectification for system administrators.
Findings
In the proposed framework, incoming vulnerability advisory messages may be obtained from multiple sources, and then filtered and prioritised according to the specific requirements of the target environment (as determined by the security administrator). In addition to notification management, the framework provides an automated facility for the download and deployment of any associated patches. The framework has been implemented in prototype form, with particular focus on the notification manager.
Originality/value
This paper presents an automated framework, providing a valuable and comprehensive solution for managing vulnerabilities in terms of notification and rectification systems.
Keywords
Citation
Al‐Ayed, A., Furnell, S.M., Zhao, D. and Dowland, P.S. (2005), "An automated framework for managing security vulnerabilities", Information Management & Computer Security, Vol. 13 No. 2, pp. 156-166. https://doi.org/10.1108/09685220510589334
Publisher
:Emerald Group Publishing Limited
Copyright © 2005, Emerald Group Publishing Limited