Vulnerability Scanning

Vulnerability scanning is used to find potentially exploitable software vulnerabilities so that they can be remediated.

Techniques Addressed by Mitigation

Domain: Enterprise
ID: VT0004
Name: Supply Chain Compromise
Use: Continuous monitoring of vulnerability sources and the use of automatic and manual code review tools should also be implemented.[1]

ID: .002
Name: Compromise Software Supply Chain
Use: Continuous monitoring of vulnerability sources and the use of automatic and manual code review tools should also be implemented.[1]

ID: .001
Name: Compromise Software Dependencies and Development Tools
Use: Regularly scan externally facing systems for vulnerabilities and establish procedures to rapidly patch systems when critical vulnerabilities are discovered through scanning and through public disclosure.[1]

ID: VM0009

Version: 1.1

Created: 02 December 2020

Last Modified: 11 March 2021