Vulnerability Assessments: Cracks in the Fortress?

Vulnerabilities are classified as either algorithmic or probabilistic, and as either proved or theoretical. Vulnerability scanners are an easy way to identify known algorithmic vulnerabilities (bugs) in the components of a network or on servers. Scanners can quickly interrogate thousands of components and produce intelligible reports with an embarrassingly long and detailed list of the issues found. Human error during system administration, including the configuration of new components, creates the vulnerabilities a scanner finds most easily. Other forms of testing are intended to identify proved weaknesses that may or may not exist at any specific point in time.

Many algorithmic bugs are introduced through human error, either during administration or through coding and other development mistakes; these can be easily eradicated by correcting the error. Other weaknesses are more difficult to eliminate, which moves the problem into the area of risk management.
