[LINUX] Second step of information security measures (vulnerability countermeasures-introduction)
Looking back on the last time
This story
- I will share the **Vulnerability Response** initiatives (introduction) that I have considered in my current position.
Vulnerability Response (Introduction)
Purpose
- Currently, the product I am in charge of has no operational process for vulnerabilities, so I think there is a security risk.
- It is necessary to improve the operation related to vulnerabilities.
What I want to do
- Formulate vulnerability countermeasure operations for the product I am in charge of.
- Focus on "information gathering" and "information analysis" and consider measures.
- Reduce security risk by implementing vulnerability countermeasure operations.
- Realize vulnerability response iteration in collaboration with developers.
Means
- Establish a vulnerability information collection scheme to understand vulnerability trends in the world.
- Establish a vulnerability information analysis scheme, analyze the impact on the product in charge, and determine the necessity of countermeasures.
- If it becomes necessary to take action, we will take action in cooperation with the developer.
Role in Vulnerability Response
- Promotion staff
- Executor
- Backend development team
- Screen development team
Vulnerability response operation flow