https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/39508#M2969 <P>To update your list, add NorthStar:<BR /><BR /><A href="https://www.northstar.io/how-it-works/" target="_blank">https://www.northstar.io/how-it-works/</A></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 25 Sep 2020 18:08:29 GMT TPAASYCC 2020-09-25T18:08:29Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16477#M620 <P>So following a discussion launched on another social media platform, I compiled a list of what tools folk were advocating over at&nbsp;<A href="https://github.com/kempy007/VulManAgg" target="_blank">https://github.com/kempy007/VulManAgg</A></P><P>&nbsp;</P><P>Now the crux of the conversation was;</P><P>&nbsp;</P><P><SPAN class="ember-view"><SPAN>"Application security vulnerability management - which tool do you find the most useful to store, manage, and prioritize vulnerabilities? </SPAN></SPAN><SPAN class="ember-view"><SPAN>&nbsp;</SPAN></SPAN></P><P><SPAN class="ember-view"><SPAN>...</SPAN></SPAN></P><P><SPAN class="ember-view"><SPAN>I'd like to hear some honest feedback from those who have implemented these solutions. PLEASE no sales pitches or solicitation."</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class="ember-view"><SPAN>Some of the tools claim to be able to pull in Application scans and Network scans and even Source Code scans and to output to multiple defect tracking tools.&nbsp;<BR /><BR />So my question is have I missed any worth noting, and what are your experiences with the ones you have used.</SPAN></SPAN></P> Mon, 09 Oct 2023 09:01:15 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16477#M620 Kempy 2023-10-09T09:01:15Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16499#M628 <P>&nbsp;</P><P>You might have to check the&nbsp;link you&nbsp;included; it opens a page on GITHub that displays</P><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>404 This is not the&nbsp;web page you are looking for.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 19 Nov 2018 11:22:21 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16499#M628 Shannon 2018-11-19T11:22:21Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16501#M629 A space got included <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> Mon, 19 Nov 2018 12:33:16 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/16501#M629 Kempy 2018-11-19T12:33:16Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17113#M711 <P>We wrote our own tool.&nbsp; &nbsp;</P> Tue, 18 Dec 2018 20:44:37 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17113#M711 DHerrmann 2018-12-18T20:44:37Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17163#M722 <P>You know sharing is caring!&nbsp;</P><P>&nbsp;</P><P>Care to spill the details, which components did you elect to use and why.</P><P>&nbsp;</P><P>Does it improve asset management, is it part of a GRC tool.&nbsp;</P><P>&nbsp;</P><P>Why did you write your own tool, was there a lack of choice?</P> Thu, 20 Dec 2018 08:48:28 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17163#M722 Kempy 2018-12-20T08:48:28Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17185#M724 <P>Hi - nope, it's not a part of Archer of any other GRC tool.&nbsp; &nbsp;It was written by one of our teams.</P><P>&nbsp;</P><P>All vulns found are loaded into a database (I think it's MS SQL Server), and a front-end was written.&nbsp; &nbsp;All vulnerabilities are assigned a "traunch" based on their CVSS/CVE score, internal vs external, etc.</P><P>&nbsp;</P><P>This makes it very easy to determine if remediation is overdue and we can collect really good stats to help us determine who needs "encouragement" to remediate on-time.</P><P>&nbsp;</P><P>I can't share a ton of details, but that high level view should help you know where we're coming from.</P> Thu, 20 Dec 2018 19:55:00 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/17185#M724 DHerrmann 2018-12-20T19:55:00Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/19682#M929 <P>If you can share a schema and BPMN&nbsp;chart it would be helpful to others.</P> Mon, 04 Mar 2019 09:05:04 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/19682#M929 Kempy 2019-03-04T09:05:04Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/19706#M930 <P>Can't.&nbsp; &nbsp;It's proprietary - company intellectual property.&nbsp; &nbsp;Sorry.</P> Mon, 04 Mar 2019 16:32:20 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/19706#M930 DHerrmann 2019-03-04T16:32:20Z https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/39508#M2969 <P>To update your list, add NorthStar:<BR /><BR /><A href="https://www.northstar.io/how-it-works/" target="_blank">https://www.northstar.io/how-it-works/</A></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 25 Sep 2020 18:08:29 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerability-management-aggregation-tools/m-p/39508#M2969 TPAASYCC 2020-09-25T18:08:29Z