Sometimes you will observe a sudden surge in a vulnerability in regularly scheduled reports. You may not have seen the vulnerability in the past, yet its first-discovered dates are 6 months or perhaps years old.
Consider the following points to find the cause of the sudden surge:
1. Scanning vendor changed the severity of the vulnerability
For example, consider a report that excluded severity 1, 2 and 3 vulnerabilities. The severity of the vulnerability was changed from 3 to 4, so the vulnerability started appearing in the report. You can also observe such a surge if you shift from one scoring system to another.
2. Scanning vendor changed the detection logic of the vulnerability
For example, the detection logic flagged a particular version of a software product as vulnerable. The scanning vendor then decided to change the detection logic to exclude that version. After some time, the detection logic started flagging the version again.
3. Search list was modified
For example, consider a report that used a search list as a filter to exclude a few vulnerabilities. A team member modified the search list and removed the vulnerability (QID/Plugin ID) from it.
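The three checks above can be run as a comparison between the previous and the current report run. The following is an added example, not part of the original post: the snapshot layout (`min_severity`, `excluded_qids`, `detections`, `first_found`) is hypothetical rather than any scanner's export format, and the QIDs and dates are constructed sample data. Treating an old first-found date with no detection in the previous run as a detection-logic change is a heuristic.

```python
from datetime import date

def in_report(snap, qid):
    """True if the QID passes the report's severity filter and exclusion search list."""
    det = snap["detections"].get(qid)
    return (det is not None and det["severity"] >= snap["min_severity"]
            and qid not in snap["excluded_qids"])

def explain_surge(prev, curr):
    """Map each QID that newly appears in the current report to its likely causes."""
    causes = {}
    for qid, det in sorted(curr["detections"].items()):
        if not in_report(curr, qid) or in_report(prev, qid):
            continue  # not in the current report, or already reported last time
        old = prev["detections"].get(qid)
        reasons = []
        if old is None:
            # No raw detection last run: an old first-found date suggests the
            # vendor's detection logic changed, not that the host changed.
            reasons.append("detection logic changed"
                           if det["first_found"] < prev["scan_date"] else "new finding")
        else:
            if old["severity"] < curr["min_severity"] <= det["severity"]:
                reasons.append("severity changed")
            if qid in prev["excluded_qids"] and qid not in curr["excluded_qids"]:
                reasons.append("search list modified")
        causes[qid] = reasons or ["report filter changed"]
    return causes

# Constructed sample data (QIDs, dates and severities are made up).
PREV = {"scan_date": date(2024, 5, 1), "min_severity": 4, "excluded_qids": {1003},
        "detections": {
            1001: {"severity": 3, "first_found": date(2023, 1, 10)},
            1003: {"severity": 5, "first_found": date(2022, 6, 1)}}}
CURR = {"scan_date": date(2024, 6, 1), "min_severity": 4, "excluded_qids": set(),
        "detections": {
            1001: {"severity": 4, "first_found": date(2023, 1, 10)},
            1002: {"severity": 4, "first_found": date(2023, 9, 15)},
            1003: {"severity": 5, "first_found": date(2022, 6, 1)},
            1004: {"severity": 5, "first_found": date(2024, 5, 20)}}}

if __name__ == "__main__":
    for qid, reasons in explain_surge(PREV, CURR).items():
        print(qid, ", ".join(reasons))
```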
Happy Learning !!