Vulnerability tree: Difference between revisions

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials
No edit summary
Line 18: Line 18:
* vulnerabilities in layer 2
* vulnerabilities in layer 2


* that are implemented in the product or solution at layer 3
* that is implemented in the product or solution at layer 3
   
   
* the action at layer 4 updates the product, fixing the module and resolving the exploit
* the action at layer 4 updates or removes the product, fixing the module and resolving the exploit

Revision as of 21:39, 8 November 2024

This tree is used to link vulnerabilities to remediation actions.


Tree Design

 1  [CVE]  [CVE] [CVE] [CVE]
     \      /     \    /
 2   [Module]     [Module]
          \      / 
 3        [Product]
             |
 4        [Action]

Implications

  • Exploits at layer 1, result from
  • vulnerabilities in layer 2
  • that is implemented in the product or solution at layer 3
  • the action at layer 4 updates or removes the product, fixing the module and resolving the exploit
Retrieved from "https://cramsession.net/index.php?title=Vulnerability_tree&oldid=656"