Vulnerability management for Partner Suppliers

People make mistakes, and sometimes those mistakes end up in your code. A flaw or bug may exist in code written by your organization, or it may sit in a third-party file embedded in your software. A flaw that can be exploited by bad actors is called a vulnerability.

Vulnerabilities are typically registered and assigned a CVE (Common Vulnerabilities and Exposures) identifier. This ID allows suppliers, asset owners, and threat hunters to tag the flaw and communicate about it. A CVE often has an accompanying CVSS (Common Vulnerability Scoring System) score, which indicates how critical the flaw is (the higher the number, the more critical the flaw). The CVE may also contain CPE (Common Platform Enumeration) names, which are useful for assigning the vulnerability to assets.

FACT helps you automate vulnerability management by continuously monitoring the NVD, supplier websites, and other online sources for vulnerability disclosures and then correlating those with all the software and subcomponents present in your environment.
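The correlation step described above, as an added example that is not part of this article and not FACT's own code or data model: a small Python matcher that parses CPE 2.3 names, applies the version ranges an NVD-style match criterion carries, buckets the CVSS score into the standard v3.x severity rating, and reports which inventory entries each CVE applies to. The CVE identifiers, vendor and product names, and versions are constructed placeholders.

```python
"""Correlate CVE records with CPE match criteria against a software inventory.

Added example. All CVE ids, CPE names and versions are constructed placeholders,
not real advisories and not FACT's own data model.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_cpe23(cpe: str) -> Dict[str, str]:
    """Split a CPE 2.3 formatted string into its 11 named attributes.

    The format is cpe:2.3:part:vendor:product:version:update:edition:language:
    sw_edition:target_sw:target_hw:other. A literal colon inside an attribute is
    escaped with a backslash, so only unescaped colons separate fields.
    """
    fields: List[str] = []
    cur = ""
    i = 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            cur += cpe[i:i + 2]        # keep the escape and the escaped char together
            i += 2
            continue
        if ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    fields.append(cur)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    names = ["part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other"]
    return dict(zip(names, fields[2:]))


def version_key(v: str) -> Tuple[Tuple[int, object], ...]:
    """Comparable key for dotted versions: numeric parts compare as ints,
    anything else as a string, so '2.10' sorts after '2.9'."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


@dataclass
class CpeMatch:
    """One match criterion: a CPE (possibly with '*' wildcards) plus optional
    version bounds, mirroring the start/end fields NVD attaches to criteria."""
    cpe: str
    start_incl: Optional[str] = None
    start_excl: Optional[str] = None
    end_incl: Optional[str] = None
    end_excl: Optional[str] = None


def matches(m: CpeMatch, asset_cpe: str) -> bool:
    """Does the asset's CPE fall under this criterion?

    Unknown values ('*') on either side match; an inventory entry with no
    recorded version is flagged as a potential match so it gets triaged rather
    than silently dropped.
    """
    crit, asset = parse_cpe23(m.cpe), parse_cpe23(asset_cpe)
    for name in crit:
        if name == "version":
            continue
        c, a = crit[name].lower(), asset[name].lower()
        if c != "*" and a != "*" and c != a:
            return False
    cv, av = crit["version"], asset["version"]
    if av in ("*", "-"):
        return True
    if cv != "*":                          # exact version in the criterion
        return version_key(cv) == version_key(av)
    ak = version_key(av)                   # otherwise apply the range bounds
    if m.start_incl and ak < version_key(m.start_incl):
        return False
    if m.start_excl and ak <= version_key(m.start_excl):
        return False
    if m.end_incl and ak > version_key(m.end_incl):
        return False
    if m.end_excl and ak >= version_key(m.end_excl):
        return False
    return True


def cvss_severity(score: float) -> str:
    """CVSS v3.x qualitative severity rating for a base score."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass
class Cve:
    cve_id: str
    cvss: float
    criteria: List[CpeMatch]


def correlate(cves: List[Cve], inventory: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each inventory CPE to its (cve_id, severity) hits, highest CVSS first."""
    findings: Dict[str, List[Tuple[str, str]]] = {a: [] for a in inventory}
    for cve in sorted(cves, key=lambda c: -c.cvss):
        for asset in inventory:
            if any(matches(m, asset) for m in cve.criteria):
                findings[asset].append((cve.cve_id, cvss_severity(cve.cvss)))
    return findings


# Constructed sample data (placeholders, not real products or advisories).
INVENTORY = [
    "cpe:2.3:a:example_vendor:widgetlib:2.4.1:*:*:*:*:*:*:*",
    "cpe:2.3:a:example_vendor:widgetlib:3.0.0:*:*:*:*:*:*:*",
    "cpe:2.3:o:example_vendor:gadget_os:1.2:*:*:*:*:*:arm:*",
]
CVES = [
    Cve("CVE-YYYY-00001", 9.8, [CpeMatch("cpe:2.3:a:example_vendor:widgetlib:*:*:*:*:*:*:*:*",
                                         start_incl="2.0.0", end_excl="2.5.0")]),
    Cve("CVE-YYYY-00002", 5.3, [CpeMatch("cpe:2.3:o:example_vendor:gadget_os:1.2:*:*:*:*:*:*:*")]),
    Cve("CVE-YYYY-00003", 7.5, [CpeMatch("cpe:2.3:a:other_vendor:widgetlib:*:*:*:*:*:*:*:*")]),
]

if __name__ == "__main__":
    for asset, hits in correlate(CVES, INVENTORY).items():
        print(asset, "->", hits or "no known CVEs")
```

Two design choices matter for a supplier running this over a real SBOM: the `*` wildcard is treated as "unknown, so flag it" on both sides, which errs toward false positives that a human then clears (the investigation status this article mentions), and version comparison is done component-wise rather than as a string, because naive string comparison would place 2.10 before 2.9 and silently miss the upper bound of a vulnerable range.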

With FACT you can easily see where vulnerabilities are present across your entire software ecosystem. The Visibility Report dashboard shows you, at a glance, how many of your products are potentially affected by vulnerabilities, along with the status of your investigations. From there, you’re a click away from viewing the associated files and drilling into them to view the vulnerabilities and the affected components.

Each vulnerability associated with your product file could negatively impact its FACT score, but you can easily manage that by performing the following tasks:

Additional functionality lets you:

It's important to remember that vulnerability management is not a “one-and-done” job: new vulnerabilities are continuously discovered and reported. FACT helps you keep on top of this ongoing process.

