Newcomer III

Vulnerability management aggregation tools

So following a discussion launched on another social media platform, I compiled a list of what tools folk were advocating over at https://github.com/kempy007/VulManAgg

 

Now the crux of the conversation was;

 

"Application security vulnerability management - which tool do you find the most useful to store, manage, and prioritize vulnerabilities?  

...

I'd like to hear some honest feedback from those who have implemented these solutions. PLEASE no sales pitches or solicitation."

 

Some of the tools claim to be able to pull in Application scans and Network scans and even Source Code scans and to output to multiple defect tracking tools. 

So my question is have I missed any worth noting, and what are your experiences with the ones you have used.

7 Replies
Community Champion

Re: Vulnerability management aggregation tools

 

You might have to check the link you included; it opens a page on GITHub that displays

 

 

404 This is not the web page you are looking for.

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Newcomer III

Re: Vulnerability management aggregation tools

A space got included. :(
Newcomer III

Re: Vulnerability management aggregation tools

We wrote our own tool.   

Newcomer III

Re: Vulnerability management aggregation tools

You know sharing is caring! 

 

Care to spill the details, which components did you elect to use and why.

 

Does it improve asset management, is it part of a GRC tool. 

 

Why did you write your own tool, was there a lack of choice?

Newcomer III

Re: Vulnerability management aggregation tools

Hi - nope, it's not a part of Archer or any other GRC tool. It was written by one of our teams.

 

All vulns found are loaded into a database (I think it's MS SQL Server), and a front-end was written. All vulnerabilities are assigned a "tranche" based on their CVSS/CVE score, internal vs external, etc.

 

This makes it very easy to determine if remediation is overdue and we can collect really good stats to help us determine who needs "encouragement" to remediate on-time.

 

I can't share a ton of details, but that high level view should help you know where we're coming from.
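As an added example (not the poster's proprietary tool, and not code from this thread), here is a small Python sketch of the workflow described above: findings from several scanner types are merged into one store, graded into tranches from CVSS score and internal/external exposure, and checked against a remediation SLA so overdue items can be reported per owner. The tranche thresholds, SLA days, scanner names and sample findings are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical tranche policy: (minimum effective CVSS, tranche name, SLA in days).
# The thread only says tranches come from CVSS plus internal/external exposure;
# these thresholds and SLAs are made up for the example.
TRANCHES = [(9.0, "T1", 7), (7.0, "T2", 30), (4.0, "T3", 90), (0.0, "T4", 180)]

@dataclass
class Finding:
    source: str      # scanner type, e.g. "network", "dast", "sast"
    asset: str
    vuln_id: str     # CVE or scanner-specific id
    cvss: float
    external: bool   # reachable from the internet
    owner: str
    found: date

def assign_tranche(cvss, external):
    """Externally exposed findings are bumped two CVSS points (capped at 10) so they land in a stricter tranche."""
    effective = min(10.0, cvss + 2.0) if external else cvss
    for floor, name, days in TRANCHES:
        if effective >= floor:
            return name, days
    return "T4", 180

def aggregate(findings, today):
    """Dedupe by (asset, vuln_id), keeping the earliest sighting so the SLA clock is not reset by a re-scan."""
    merged = {}
    for f in findings:
        key = (f.asset, f.vuln_id)
        if key not in merged or f.found < merged[key].found:
            merged[key] = f
    rows = []
    for f in merged.values():
        tranche, sla = assign_tranche(f.cvss, f.external)
        due = f.found + timedelta(days=sla)
        rows.append({"asset": f.asset, "vuln": f.vuln_id, "owner": f.owner,
                     "tranche": tranche, "due": due, "overdue": today > due})
    return rows

def overdue_by_owner(rows):
    """Per-owner totals: the 'who needs encouragement' statistic mentioned above."""
    stats = {}
    for r in rows:
        t = stats.setdefault(r["owner"], {"total": 0, "overdue": 0})
        t["total"] += 1
        t["overdue"] += int(r["overdue"])
    return stats

# Constructed sample: one CVE reported by two scanners for the same host, plus a SAST finding.
SAMPLE = [
    Finding("network", "web01", "CVE-0000-0001", 7.5, True, "team-web", date(2024, 1, 1)),
    Finding("dast", "web01", "CVE-0000-0001", 7.5, True, "team-web", date(2024, 1, 10)),
    Finding("sast", "billing-svc", "SAST-42", 5.0, False, "team-billing", date(2024, 2, 1)),
]

def report(today=date(2024, 2, 15)):
    return overdue_by_owner(aggregate(SAMPLE, today))
```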

Newcomer III

Re: Vulnerability management aggregation tools

If you can share a schema and BPMN chart it would be helpful to others.

Newcomer III

Re: Vulnerability management aggregation tools

Can't.   It's proprietary - company intellectual property.   Sorry.