Vulnerability Management:

In terms of the software development life cycle (SDLC), a vulnerability is an exploitable weakness introduced in any phase of development that can lead to a breach of the software's security. To prevent such exploitation, a vulnerability management process has to be put in place. Vulnerability management is the process of finding, evaluating, fixing and mitigating the vulnerabilities that arise in the various phases of the secure SDLC (SSDLC). This gives a comprehensive approach to security, because vulnerabilities are handled across the entire lifecycle of the software rather than only at release time.

The main points that should be considered in vulnerability management are:

●     Vulnerabilities are the gateway through which threats become real: a threat with no exploitable weakness to use has no way in.

●     Vulnerability scans should always be followed by remediation; a scan whose findings are never fixed or mitigated does not reduce risk.

●     Scanning and remediation should be done in small, regular increments rather than as a large, infrequent effort, so the backlog of open findings stays manageable.

●     Vulnerabilities should be prioritized on the basis of the threats most likely to be realised against them (severity, exploitability and exposure of the affected asset), so that the most dangerous findings are fixed first.

●     A process for finding vulnerabilities should be defined and provided to the security practitioners who will run it.
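To show what threat-based prioritization looks like in practice, here is an added example (not code from the original page) that ranks scanner findings not by CVSS score alone but by how realistic a threat against each one is, and assigns a remediation deadline to each. The Finding fields, the weights, the SLA tiers and the sample findings are all assumptions made for this example; a real program would tune them to its own threat model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One scanner finding. Field names and scales are assumptions for this example."""
    id: str
    cvss: float             # CVSS base score, 0.0 - 10.0
    exploit_public: bool    # a public exploit (or known exploitation) exists
    internet_facing: bool   # affected component is reachable from the internet
    asset_criticality: int  # 1 = low, 2 = medium, 3 = high (assumed scale)


# Weights are illustrative; a real program tunes them to its own threat model.
EXPLOIT_WEIGHT = 1.5
EXPOSURE_WEIGHT = 1.25
CRITICALITY_WEIGHT = {1: 0.75, 2: 1.0, 3: 1.25}


def risk_score(f: Finding) -> float:
    """Scale the CVSS base score by how realistic a threat against it is."""
    score = f.cvss
    if f.exploit_public:
        score *= EXPLOIT_WEIGHT
    if f.internet_facing:
        score *= EXPOSURE_WEIGHT
    score *= CRITICALITY_WEIGHT[f.asset_criticality]
    return score


def sla_days(score: float) -> int:
    """Remediation deadline in days for a given risk score (assumed tiers)."""
    if score >= 15:
        return 7
    if score >= 9:
        return 30
    if score >= 4:
        return 90
    return 180


def prioritize(findings):
    """Return (finding, score, sla_days) tuples, most urgent first."""
    scored = []
    for f in findings:
        score = risk_score(f)
        scored.append((f, score, sla_days(score)))
    # Highest risk first; raw CVSS breaks ties so the ordering is deterministic.
    scored.sort(key=lambda t: (-t[1], -t[0].cvss))
    return scored


# Constructed sample findings, not real scanner output.
SAMPLE_FINDINGS = [
    Finding("F-1", 9.8, True, True, 3),     # critical, exploited, exposed
    Finding("F-2", 9.8, False, False, 1),   # same CVSS, but internal, low-value asset
    Finding("F-3", 6.5, True, True, 2),     # medium CVSS, but exploit exists and exposed
    Finding("F-4", 4.3, False, True, 3),
    Finding("F-5", 7.2, False, False, 2),
]


if __name__ == "__main__":
    print(f"{'id':<5} {'cvss':>5} {'risk':>7} {'fix within':>11}")
    for f, score, days in prioritize(SAMPLE_FINDINGS):
        print(f"{f.id:<5} {f.cvss:>5} {score:>7.2f} {days:>8} days")
```

Note that F-2 and F-1 share the same CVSS score yet land far apart: the internal, low-value asset with no public exploit is ranked below a medium-severity finding that is both exploitable and internet-facing. That gap is the point of prioritizing on potential threat rather than on severity alone.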

Process:

●     First, for each project, define an application security point of contact.

●     Then, create an informal security response team.

●     Finally, establish an initial incident response process.