Share this page!

RAPIDFORT Profile picture
Twitter logo
Dec 7 4 tweets 2 min read
Knowing where vulnerabilities exist is only helpful when you can actually treat them. Unfortunately, a vast majority can only be corrected within an organization’s custom code.
Some organizations write custom patches, but contend with open source software package updates that break those custom patches, so there are significant forward compatibility challenges.

There’s no point in playing security whack-a-mole.

#OSS #cybersecurity
What dev, security & infrastructure teams need to know to improve test cycles:

👉 What software components are running in a workload
👉 What components actually gets used
👉 What components can be eliminated
👉 What vulnerabilities exist after unused components are eliminated
It’s more important to understand how a workload functions than it is to understand where vulnerabilities exist.

Get the full scoop in on how to Stop Chasing Vulnerabilities & Start Improving Test Cycles: loom.ly/OakpAAE

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with RAPIDFORT

RAPIDFORT Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @RapidFortInc

RAPIDFORT Profile picture
Dec 8
Who determines how severe a vulnerability is?

Severity is how much damage a hacker can inflict exploiting a product using that vulnerability. It doesn’t mean this is the most critical risk facing your system, but many developers mistakenly think it is.
1/ Severity & other information related to a known issue are catalogued in a Common Vulnerabilities & Exposures (CVE) database.

Several orgs track CVEs, including the National Institute of Standards & Technology @NIST #severity #vulnerabilities
2/ The rubric for scoring severity is the Common Vulnerability Scoring System (CVSS), an open framework for communicating the characteristics & severity of software vulnerabilities.

Several factors are classified into three categories: base, temporal & environmental.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(