Dec 4, 2014

Normalization Of Vulnerability Nomenclature

Finding a vulnerability and naming a vulnerability are two different phenomena. Finding a high-profile, high-severity vulnerability requires a clever mind, diligence and, of course, experience. Finding an expressive and good name for that vulnerability, however, requires other abilities, that's for sure.

There are many security vulnerability names that don't really express much about the vulnerability itself. Sometimes the names that researchers come up with for their beloved 0-days are too clever, and sometimes they are explicitly designed for advertisement.

"An example?" you may ask... How about POODLE? Session Puzzling? Cross-Site Flashing? Or even Padding Oracle?

If you are a non-English speaker, the real problem shows its face when you try to translate all those vulnerability names into your native language. A lost cause!

On top of that, different vulnerability scanners, web or non-web, use different names for the same vulnerabilities.

NormShield provides an easy way to dynamically aggregate existing vulnerabilities into the vulnerabilities you define at any point in your vulnerability management process. After a while you will have a standard view of your vulnerabilities in one place, which raises your information security maturity level by providing a shared vulnerability nomenclature.