I've been looking into this for a little while, but haven't really found anything suitable.
What I am looking for is a system to track security vulnerability remediation status. Something like "bugzilla for IT".
What I am looking for is something pretty simple that allows the following:
- batch entry of new vulnerabilities that need to be remediated
- Per user assignment
- AD/LDAP Authentication
- Simple interface to track progress - research, change control status, remediated, etc.
- Historical search ability
- Ability to divide by division
- Ability to store proof of resolution for the Security Team to access
- Dependency tracking
- Linux based is best (that's my group :) )
- Free is good, but cost doesn't matter so much if the system is worth it
The system doesn't have to have all of these features, but if it did that would be great.
Yes, we could use our helpdesk software, but that has a bunch of pitfalls, such as triggering SLA alerts and penalties, as well as not being easily searchable outside of a group.
Most of what I have found are bug tracking systems that are geared towards developers, and are honestly way overkill for what I am looking for.
Server Fault's input is greatly appreciated as always!
-
This is not an answerable question, but a discussion opener and rather belongs to a forum...
From Craig -
Ok, as far as I know, there is no product that will do this; would have to roll your own.
As far as starting points, I would start with Metasploit and nmap to gather your vulns, drop them into a db (mysql, postgres, etc.), and use that input as creation items for a bug-tracker (Trac, Redmine, etc.) and use that as your ticketing engine.
As far as getting your AD/LDAP authentication records, you could probably do that input with syslog collection; I'm not sure if you could collect directly from there into your db.
I won't go as far as to say that 'if you productized this, you'd get rich', but with the right SEO, you could certainly get a lot of pageviews and/or consulting offers.
In any case, I hope it's worth it to you, because it's going to be a lot of work! ;-)
UPDATE: Have you looked into Metasploit?
From gWaldo
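
The "scan output into a db" step from the answer above, as an added example that is not part of the original thread: it batch-imports open services from nmap XML (`-oX`) into SQLite so that a re-import never resets a finding's remediation status. The `findings` table, its columns, the status values and the sample XML are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout (not real scan data).
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical schema: one row per finding, plus the workflow fields from the question.
SCHEMA = """CREATE TABLE IF NOT EXISTS findings (
    host TEXT, port INTEGER, proto TEXT, service TEXT,
    status TEXT DEFAULT 'research', assignee TEXT, division TEXT,
    UNIQUE (host, port, proto))"""

def parse_open_services(xml_text):
    """Yield (host, port, proto, service) for every open port in nmap XML."""
    # Assumes the XML comes from your own scanner; harden parsing for untrusted files.
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            yield addr, int(port.get("portid")), port.get("protocol"), " ".join(p for p in parts if p)

def import_scan(conn, xml_text, division):
    """Batch-insert findings and return how many were new; existing rows are untouched."""
    conn.execute(SCHEMA)
    before = conn.execute("SELECT COUNT(*) FROM findings").fetchone()[0]
    conn.executemany(
        "INSERT OR IGNORE INTO findings (host, port, proto, service, division) "
        "VALUES (?, ?, ?, ?, ?)",
        [(h, p, pr, s, division) for h, p, pr, s in parse_open_services(xml_text)])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM findings").fetchone()[0] - before
```

The resulting rows can then be fed to a tracker such as Trac or Redmine as ticket-creation items, which is the second half of what the answer suggests.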