Vulnerability Manager v20100115 in the wild

Denim Group’s Vulnerability Manager allows security teams to import and consolidate application-level vulnerabilities, automatically generate virtual patches, monitor attack attempts, communicate with defect tracking systems, and evaluate team maturity. Because this is done in a centralized system, application security managers have greatly increased visibility into and control of these processes, and they are collecting data that can be used to support sophisticated conversations with their managers and executives.

I just finished testing VM (with Netsparker, Orizon, CAT.net and Findbugs). It is just AWESOME !!!

Vulnerability Manager supports automatic and manually-assisted merging of vulnerabilities so that static and dynamic results can be correlated. Well-defined software interfaces allow for organizations to easily create import capabilities for new tools as long as the results are available in a structured format. Basic importers can be created in just a few hours of coding and these importers can be incrementally improved over time.
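To make the importer interface and the static/dynamic correlation concrete, here is an added Python example; it is not Vulnerability Manager's own code. The two report formats, the tool names and the merge key (CWE, URL path, parameter) are assumptions made for illustration; a real importer maps from each scanner's own schema onto the common finding record.

```python
"""Minimal vulnerability-importer framework with static/dynamic merging.

Added example, not Vulnerability Manager's code. The report formats below are
constructed: a JSON static-analysis report and an XML dynamic-scan report.
"""
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    """Common record every importer produces, whatever the source tool."""
    tool: str
    kind: str        # "static" or "dynamic"
    cwe: int
    path: str        # URL path the finding applies to
    parameter: str
    detail: str


class Importer:
    """Interface each tool importer implements: raw report text -> list of Finding."""
    tool = "abstract"
    kind = "abstract"

    def parse(self, raw: str) -> list:
        raise NotImplementedError


class StaticJsonImporter(Importer):
    # Constructed format: {"results": [{"cwe": 89, "route": "/login", "param": "user", "line": 42}]}
    tool = "static-sca"
    kind = "static"

    def parse(self, raw):
        doc = json.loads(raw)
        return [Finding(self.tool, self.kind, int(r["cwe"]), r["route"], r["param"],
                        f"line {r['line']}") for r in doc["results"]]


class DynamicXmlImporter(Importer):
    # Constructed format: <scan><issue cwe="89" url="http://h/login?user=a" param="user"/></scan>
    # Scanner reports are untrusted input: for real reports parse with defusedxml
    # rather than the stdlib parser.
    tool = "dyn-scanner"
    kind = "dynamic"

    def parse(self, raw):
        root = ET.fromstring(raw)
        return [Finding(self.tool, self.kind, int(i.get("cwe")), urlsplit(i.get("url")).path,
                        i.get("param", ""), i.get("evidence", "")) for i in root.iter("issue")]


def import_all(reports):
    """reports: iterable of (importer, raw_text). Runs every importer and concatenates."""
    findings = []
    for importer, raw in reports:
        findings.extend(importer.parse(raw))
    return findings


def merge(findings):
    """Automatic merge: group findings on a normalised (cwe, path, parameter) key.

    Normalising the path (trailing slash) and parameter case is what lets a
    static route and a crawled URL land in the same group.
    """
    groups = {}
    for f in findings:
        key = (f.cwe, f.path.rstrip("/") or "/", f.parameter.lower())
        groups.setdefault(key, []).append(f)
    return groups


def summarize(groups):
    """Roll-up of each merged group by evidence type: both tools, static only, dynamic only."""
    summary = {"correlated": 0, "static_only": 0, "dynamic_only": 0}
    for fs in groups.values():
        kinds = {f.kind for f in fs}
        if kinds == {"static", "dynamic"}:
            summary["correlated"] += 1
        elif kinds == {"static"}:
            summary["static_only"] += 1
        else:
            summary["dynamic_only"] += 1
    return summary


# Constructed sample reports (not output of any real scanner).
STATIC_REPORT = json.dumps({"results": [
    {"cwe": 89, "route": "/login", "param": "user", "line": 42},
    {"cwe": 79, "route": "/search", "param": "q", "line": 17},
    {"cwe": 22, "route": "/download", "param": "file", "line": 88},
]})
DYNAMIC_REPORT = """<scan tool="dyn-scanner">
  <issue cwe="89" url="http://app.example/login?user=a" param="User" evidence="SQL syntax error"/>
  <issue cwe="79" url="http://app.example/search/?q=x" param="q" evidence="reflected script"/>
  <issue cwe="352" url="http://app.example/account" param="" evidence="no CSRF token"/>
</scan>"""

if __name__ == "__main__":
    merged = merge(import_all([(StaticJsonImporter(), STATIC_REPORT),
                               (DynamicXmlImporter(), DYNAMIC_REPORT)]))
    print(summarize(merged))
```

The groups that contain both a static and a dynamic finding are the ones a manual review would normally confirm first, since two independent techniques agree on the same CWE at the same location; groups with one kind only are candidates for the manually-assisted merge the text mentions.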

Commercial:

  • IBM Rational AppScan Source Edition (formerly Ounce Labs)
  • Fortify SCA/360 (unreleased)
  • Checkmarx
  • Microsoft CAT.NET
  • IBM Rational AppScan
  • WhiteHat Sentinel
  • Mavituna Netsparker

Free:

  • OWASP Orizon
  • FindBugs

Vulnerability importers for new technologies can easily be supported by extending the Vulnerability Manager using well-defined software interfaces.

Global features of VM

  • Application Portfolio Management
  • Vulnerability import
  • Real Time Protection (Virtual Patching)
  • Attack tracking
  • Defect tracking
  • Maturity tracking

Post scriptum

Compliance Mandates

  • Vulnerability Management:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
