Asset management is a serious issue across the information security space. A very common challenge we see for organizations running an application security program is just getting an idea of what applications they have available and what infrastructure has been deployed to support them. You can’t protect attack surface that you don’t know about, so trying to run a successful program without at least a decent concept of what your portfolio’s attack surface looks like is a non-starter. Note that this isn’t even looking at all the challenges associated with vulnerability management – this is the problem you have to address before you get to start addressing the vulnerability management problem. The issue is something I had been talking a lot about a year or so ago, and I presented at a couple of conferences.
Go to Source of this post
Author Of this post: