Monday, February 22, 01:38

Companies vs Hackers: How do they prioritize vulnerabilities?

WhiteSource, a leading open source management company, and CYR3CON, which provides intelligence on cyberattacks based on information gathered by its AI from hacker communities, today released their joint research report on the prioritization of security vulnerabilities. The research aims to compare how differently companies and hackers prioritize vulnerabilities.


As technology continues to evolve, software development teams are being bombarded with an increasing number of security issues. This has made it almost impossible to remediate every vulnerability, making the ability to prioritize vulnerabilities even more critical.

This research examines the most common methods used by software development teams to prioritize software vulnerabilities for remediation and compares these practices with data collected from hackers' discussions in various forums, including the dark web and deep web.

The report's key findings are the following:

  • Software development teams tend to prioritize based on available data, such as vulnerability severity score (CVSS), ease of remediation, and date of publication, but hackers do not target vulnerabilities based on these parameters.
  • Hackers are attracted to specific types of vulnerabilities (CWE), including CWE-20, CWE-125, CWE-79 (XSS) and CWE-200.
  • Organizations tend to prioritize "new" vulnerabilities, while hackers often discuss vulnerabilities for more than 6 months after exploitation, and even older vulnerabilities resurface in hackers' discussions as they reappear in new exploits or malware.

"As development teams face a growing number of vulnerabilities being uncovered, it becomes impossible to fix everything, and it is imperative that teams focus on the most pressing issues first," said Rami Sass, CEO and co-founder of WhiteSource. "Our research can help organizations adopt a consistent prioritization method and ensure that they see beyond the most accessible data, to look at the data that can help them fix the security vulnerabilities that could cause the biggest impact to the company."

"Too often, companies unknowingly take on risk by using outdated vulnerability prioritization methods, and this report sheds light on the weaknesses of these approaches. The combination of threat intelligence and machine learning overcomes these weaknesses by identifying previously unrecognized risks in the process," said Paulo Shakarian, CYR3CON CEO & Co-Founder. "Our CyRating score, which comes from our peer-reviewed scientific research, was designed to scale the vulnerability analysis process and quickly shed light on the hackers' perspective on what they will exploit."



Teo Ehc