Abstract: Mechanisms are provided for assessing control checks and components of a vulnerability management system (VMS) for a computing infrastructure. A security vulnerability risk gap assessment of the VMS is executed to generate result data for a plurality of control checks. For each control check, the mechanisms: classify the control check into a maturity level having a corresponding maturity level value; classify each of a plurality of vulnerability assessment security control rating (VASCR) elements into a predetermined classification having corresponding classification values for the control check; and combine the maturity level value and the VASCR element classification values to generate a prioritization score. A graphical user interface output is generated comprising a representation of a prioritized ranked listing of control checks based on the prioritization scores associated with each of the control checks in the plurality of control checks.

Abstract: A computer-implemented method for prioritizing exclusion renewal records is disclosed. The computer-implemented method includes determining vulnerability factors associated with a vulnerability exclusion record. The computer-implemented method further includes generating a vulnerability factor score for each vulnerability factor associated with the vulnerability exclusion record based, at least in part, on a level of risk associated with the vulnerability factor. The computer-implemented method further includes generating a vulnerability score for the vulnerability exclusion record based, at least in part, on the vulnerability factor score for each vulnerability factor. The computer-implemented method further includes updating a previous vulnerability score of the vulnerability exclusion record.

Abstract: The subject matter herein provides an automated system and method for software patch management that ranks patches at least in part according to a score indicative of a complexity (e.g., cost) of remediating a vulnerability. This score is sometimes referred to herein as a vulnerability remediation complexity (VRC) score. A VRC score provides an objective measure by which an organization can determine which patches are most likely to be successfully applied, thus enabling implementation of a patching strategy that preferentially applies most critical, but less impact (in terms of remediation cost) patches first to remediate as must risk as possible as quickly as possible. Thus, for example, the approach herein enables the patching to focus on vulnerabilities of highest severity and small remediation cost over those, for example, representing lower severity and higher remediation cost.

Abstract: A computer-implemented method for prioritizing exclusion renewal records is disclosed. The computer-implemented method includes determining vulnerability factors associated with a vulnerability exclusion record. The computer-implemented method further includes generating a vulnerability factor score for each vulnerability factor associated with the vulnerability exclusion record based, at least in part, on a level of risk associated with the vulnerability factor. The computer-implemented method further includes generating a vulnerability score for the vulnerability exclusion record based, at least in part, on the vulnerability factor score for each vulnerability factor. The computer-implemented method further includes updating a previous vulnerability score of the vulnerability exclusion record.

Abstract: The subject matter herein provides an automated system and method for software patch management that ranks patches at least in part according to a score indicative of a complexity (e.g., cost) of remediating a vulnerability. This score is sometimes referred to herein as a vulnerability remediation complexity (VRC) score. A VRC score provides an objective measure by which an organization can determine which patches are most likely to be successfully applied, thus enabling implementation of a patching strategy that preferentially applies most critical, but less impact (in terms of remediation cost) patches first to remediate as must risk as possible as quickly as possible. Thus, for example, the approach herein enables the patching to focus on vulnerabilities of highest severity and small remediation cost over those, for example, representing lower severity and higher remediation cost.

Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.

Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.