The Vulnerability Life Cycle provides a view over time of a vulnerability's origin
and correction and the relative risk during each stage of the cycle.
This life cycle has the following stages:
1. The creation of the vulnerability. This is when the vulnerability is created
during the implementation of the vulnerable product.
2. The discovery of a vulnerability. The vulnerability in the product is found.
Several people could discover the vulnerability at different times. Little is
ever publicly known about this step.
3. The discovered vulnerability is disclosed. The disclosure could come from
a variety of sources, in a variety of ways. It could be announced by the
vendor or an independent researcher, or secreted away in a product's
Change Log.
4. The vulnerability is corrected. This is usually done by the vendor
releasing a patch or workaround. This should lead to an overall reduction
in successful intrusions.
5. The vulnerability is publicized. This can happen in a variety of ways, for
example news reporting, publishing an advisory, or worm activity, but the
end effect is that many people know about the vulnerability.
6. The exploit is scripted. This can mean that workable exploit code is
released, or that instructions on how to produce one are released. In either
case, the result is that the number of attackers is greatly increased as
those with less skill (script kiddies) can now perform the attack.
7. The vulnerability becomes passé (outdated). Attackers become
uninterested in exploiting this vulnerability. This is not guaranteed to
happen with every vulnerability, and some vulnerabilities (and exploits)
are shown to have cyclical popularity.
8. The vulnerability dies. This happens when the number of possible targets
vulnerable to exploitation drops to an insignificant level.