Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform


In an age where organizations depend directly on software to run critical business operations, it’s fundamental that they evaluate their own software development lifecycles and those of their extended environment — third-party partners — against the same standards. Vulnerability management is gaining more government attention around the world, with an emphasis on vulnerability detection capabilities across supply chains. In fact, the National Institute of Standards and Technology (NIST) issued guidance on the minimum standards that vendors or developers should meet to verify enterprise software. The standards are meant to encourage a common framework across government and industry for how organizations manage critical software and protect data privacy, integrity and confidentiality.


As a hacker for X-Force Red, one of my main priorities is identifying software vulnerabilities that, if exploited, can lead to large-scale business compromise and data exposure. So, when I recently discovered a zero day vulnerability — a flaw that up until that moment no one knew existed — it was an exciting occasion, and enabled our team to help reduce the risk of exploitation. The feat occurred during a penetration testing engagement for an X-Force Red client that used the ManageEngine ServiceDesk.


The ManageEngine ServiceDesk is a help desk management platform that includes core help desk and IT management applications, in addition to project management, contract management and features for ITIL (Information Technology Infrastructure Library) compliance. The platform is widely deployed and, according to the ManageEngine