Night Mode Labs Blue Book
Security Playbooks

Vulnerability Management

Vulnerability management is the process of finding, prioritizing, remediating, and proving closure of security weaknesses. It should be risk-based, not an infinite queue of scanner noise.

Sources

Collect findings from:

  • Dependency and package scanners.
  • Container image scanners.
  • Infrastructure-as-code scanners.
  • Runtime cloud posture tools.
  • Penetration tests and security reviews.
  • Bug bounty or responsible disclosure reports.
  • Incident and postmortem findings.

Triage factors

Prioritize by:

  • Exploitability.
  • Internet exposure.
  • Data sensitivity.
  • Privilege required.
  • Compensating controls.
  • Asset criticality.
  • Known active exploitation.

Workflow

Remediation expectations

Define remediation targets by severity and exposure. For example, critical internet-exposed issues may require immediate mitigation while low-risk internal findings can follow normal planning.

Every deferred finding should have:

  • Owner.
  • Reason for deferral.
  • Compensating control.
  • Review date.
  • Risk acceptance where required.
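
As an added example (not code from the Blue Book itself), the triage factors and the deferral requirements above can be expressed as a small risk-based scorer plus a deferral-record check. The weights, thresholds and sample findings are assumptions for illustration, not the playbook's own numbers.

```python
from dataclasses import dataclass
from datetime import date

# Assumed weights for illustration, not the playbook's own numbers.
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
LEVEL = {"high": 2, "medium": 1, "low": 0}
PRIVILEGE = {"none": 2, "low": 1, "admin": 0}  # less privilege needed = more risk

@dataclass
class Finding:
    id: str
    scanner_severity: str      # critical / high / medium / low, as reported
    internet_exposed: bool
    data_sensitivity: str      # high / medium / low
    privilege_required: str    # none / low / admin
    asset_criticality: str     # high / medium / low
    compensating_controls: int # number of effective controls already in place
    actively_exploited: bool   # known active exploitation in the wild

def risk_score(f: Finding) -> int:
    """Business risk: scanner severity is only the starting point."""
    score = SEVERITY[f.scanner_severity]
    score += 2 if f.internet_exposed else 0
    score += LEVEL[f.data_sensitivity] + LEVEL[f.asset_criticality]
    score += PRIVILEGE[f.privilege_required]
    score += 3 if f.actively_exploited else 0
    return max(score - f.compensating_controls, 0)  # each control lowers risk

def remediation_tier(score: int) -> str:
    """Map a score to a remediation expectation (thresholds are assumed)."""
    for threshold, tier in ((10, "immediate"), (7, "urgent"), (4, "planned")):
        if score >= threshold:
            return tier
    return "backlog"

def deferral_problems(deferral: dict, tier: str, today: date) -> list:
    """What a deferral record lacks; an empty list means it may stand for now."""
    required = ("owner", "reason", "compensating_control", "review_date")
    problems = [k for k in required if not deferral.get(k)]
    if tier in ("immediate", "urgent") and not deferral.get("risk_acceptance"):
        problems.append("risk_acceptance")
    if deferral.get("review_date") and deferral["review_date"] <= today:
        problems.append("review_date expired")  # deferrals must not live forever
    return problems

# Constructed sample findings: a noisy internal "critical" and a real exposed "high".
INTERNAL_CRITICAL = Finding("F-1", "critical", False, "low", "admin", "low", 2, False)
EXPOSED_HIGH = Finding("F-2", "high", True, "high", "none", "high", 0, True)
```

Scoring the two samples sends the internal "critical" (score 2) to the backlog and the internet-exposed, actively exploited "high" (score 14) to immediate remediation, which is the point of the first watchout below: scanner severity is not business risk.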

Watchouts

  • Scanner severity is not the same as business risk.
  • Ignored findings need expiry and review.
  • Base image and CI action vulnerabilities are still dependencies.
  • Remediation evidence should come from systems of record.
