Introduction

Vulnerabilities exist; they always have and always will. Just think of the potential impact to the economy if vulnerabilities weren’t present, at least in commercial-grade products. Would major organizations still invest in a security program? What sort of work would we be doing, if not security? As security practitioners and business leaders, we must realize that vulnerabilities are a part of life; a part of our consumption of technology. As such, we must practice due diligence in ensuring that vulnerabilities don’t represent an undo liability to our organization, creating an unacceptable level of risk. This chapter focuses on what a vulnerability assessment is; traditional and alternative methods for discovering vulnerabilities; and the importance of seeking out vulnerabilities.