Automation of software vulnerability monitoring for third party products in large IT companies
Kolev, Stiliyan (2019-08-07)
This publication is subject to copyright rules. The work may be read and printed for personal use. Commercial use is prohibited.
Access: closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2019091628421
Abstract
This thesis was done for the Product Security Incident Response Team (PSIRT) of a large IT company. The team provides a centralized vulnerability management service internally for all of the company's products. Many software vulnerabilities are disclosed every day, and their timely and accurate evaluation and processing is of great importance for mitigating cyber threats. To deal with that, the company has identified the benefits of automation in following various vulnerability sources and in the subsequent creation of vulnerability alerts. When the study began, the PSIRT was already using scripts written in Python to automate some of the repetitive tasks. However, the scripts had limited scope and still required significant manual interaction.

There are two main goals of the thesis. First, opportunities for further automation in the generation of vulnerability alerts were identified and analysed. The suitability of commercial vulnerability feeds was also evaluated as part of the study. Second, new scripts were written, tested and deployed for some of the tasks that were subject to automation. Various challenges, such as the trustworthiness of sources of vulnerability information, naming inconsistencies of third party products (3PP) and considerations regarding programmatically parsing security advisories, are discussed in detail. The target audience of this thesis is PSIRTs, but other organizational units tasked with product security may benefit as well.