How do you address code vulnerabilities identified in the development lifecycle and during runtime?

We follow the steps below to track remediation progress. Our vulnerability management and remediation process is based on the following stages:

Discover: Identify vulnerabilities through testing and scanning. Each identified vulnerability is systematically evaluated by the responsible personnel, who look for security weaknesses and vulnerabilities. The assessment provides us with the information needed to classify, prioritize, and remediate weaknesses. Manual testing provides an accurate risk assessment of vulnerabilities and discovers bugs that automated scans miss.

Prioritize: We use the Common Vulnerability Scoring System (CVSS) to communicate each vulnerability's severity and characteristics. The CVSS scoring system calculates severity based on the attack vector, complexity, and impact.

Remediate: Block, patch, remove components, or otherwise address the weaknesses. The responsible person assigns vulnerability disclosures to the staff members who are in charge of the affected system: database administrators fix database-related vulnerabilities, while development teams fix application vulnerabilities. Remediation times vary depending on the vulnerability's impact and the steps needed to fix it. We plan remediation carefully because patches can require downtime or have unintended effects. Development teams may release a temporary patch as a workaround when they need more time to fix the vulnerability properly.

Monitor:

• Ingestion of various data formats with flexible normalization

• Reviewing normalized data for changes and modifications as needed

• Distribution of normalized data to our backup points

• Tracking the data distributed to our backup points to keep a central listing up to date

• Ensuring policy is adhered to across the various systems where the data is tracked

• Reporting on the outcome of vulnerability remediation.