OWASP Vulnerability Management Guide



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

OWASP Vulnerability Management Guide
Vulnerability management is one of the most effective means of controlling cybersecurity risk. Yet, as indicated by the wave of massive data breaches and ransomware attacks, all too often organizations are compromised over missing patches and misconfigurations. Vulnerability management seeks to help organizations identify such weaknesses in its security posture so that they can be rectified before they are exploited by attackers. The OWASP Vulnerability Management Guide project seeks to establish guidance on the best practices that organizations can use establish a vulnerability management program within their organization. The guide provides in depth coverage of the full vulnerability management lifecycle including the preparation phase, the vulnerability identification/scanning phase, the reporting phase, and remediation phase.

Description
The vulnerability management guide should help to breakdown vulnerability management process into a manageable repeatable cycles tailored to your organizational needs. Target audience: information security practitioners of all levels, IT professionals, and business leaders.

Vulnerability Management Cycle:
 * DETECTION
 * REPORTING
 * REMEDIATION

Licensing
The OWASP Vulnerability Management project is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Roadmap
As of September 2018, the highest priorities for the next 8 months are:
 * a “bare bones” list (done!);
 * a logical diagram (coming soon);
 * a Power Point presentation (coming soon);
 * a DIY guide with notes that reference controls, useful sources, and examples (coming 2019);
 * a DIY guide with the notes, examples, and illustrations (coming 2020).

Subsequent releases will be unscheduled:
 * Bug Fix
 * Internationalization


 * valign="top" style="padding-left:25px;width:200px;" |

Getting Involved
Get Involved by:
 * Promoting. Please spread the word!
 * Adopting. The best contribution is your adoption!
 * Collaborating. Please specify in comments how would you like to contribute on GitHub.

Project Leader

 * Elizabeth Frenz

Classifications

 * }