Fork me on GitHub

Test and Verification -> Consolidation: Usage of a vulnerability management system

Risk and Opportunity

Risk: Maintenance of false positives in each tool enforces a high workload. In addition a correlation of the same finding from different tools is not possible.
Opportunity: Aggregation of vulnerabilities in one tool reduce the workload to mark false positives.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: i-defect-management|B|1
ISO27001:2017 Controls Mapping: