Creation of a Framework for Improving the Maturity Level of Vulnerability Management in Applications
...
Vela López, Daniel Esteban | 2024
This document presents a solution that evaluates the capacity of an organization to respond to vulnerability findings and leverages the advantages of DevSecOps to design and create a system to handle them properly. That solution is called a Vulnerability Management System (VMS). This document is divided into five main parts:
Part I describes the objective of this document, the problem that the solution it presents is trying to solve, and provides some theoretical concepts that the reader needs to know before starting.
Part II describes a maturity model to assess the current status of vulnerability management in an organization.
Part III describes the scope, objectives, components, and inner workings of the VMS.
Part IV consists of a technical guide in which the organization can find guidelines on implementing the VMS based on its vulnerability management maturity and organizational limitations.
Part V presents an example implementation of the VMS in a simulated development environment.