Name
Vulnerability Lifecycle Management: Going Beyond Vulnerability Management
Time
6:30 PM - 7:00 PM (EDT)
Description

Much like software, a vulnerability has a life cycle from inception to remediation. However, most companies only address the latter half of the lifecycle: detection and remediation. Missing are the steps to prevent vulnerabilities from ever entering code. Also missing is the continuous monitoring of in-production code for new weaknesses, both known and unknown. Vulnerability management is still important but, done in isolation, it no longer sufficiently captures the breadth or context necessary for understanding critical business risk. We’ll draw inspiration from Secure SDLC approaches as we look at how to combine various security and development programs and processes to create a holistic approach to vulnerability lifecycle management.
We’ll look at how you can:

Start with vulnerability scanning and management as a foundation
Increase adoption and reduce friction between development and security teams through shared workflows and providing proper context
Mature your approach by extending out “to the right” with asset and infrastructure data
Support compliance efforts with risk-based policies and automated controls
Bookend the entire vulnerability lifecycle with threat modeling and breach & attack simulation
Measure effectiveness and maturity of your vulnerability lifecycle management program

Matt Wilson