Automatically eliminate unused software components + deploy smaller, faster & more secure workloads. DM/Follow 🔗 to learn how we can help!
Dec 8, 2022 • 8 tweets • 3 min read
Who determines how severe a vulnerability is?
Severity is how much damage a hacker can inflict exploiting a product using that vulnerability. It doesn’t mean this is the most critical risk facing your system, but many developers mistakenly think it is.
1/ Severity & other information related to a known issue are catalogued in a Common Vulnerabilities & Exposures (CVE) database.
Knowing where vulnerabilities exist is only helpful when you can actually treat them. Unfortunately, a vast majority can only be corrected within an organization’s custom code.
Some organizations write custom patches, but contend with open source software package updates that break those custom patches, so there are significant forward compatibility challenges.
There’s no point in playing security whack-a-mole.