How to Win Friends and Remediate Vulnerabilities

In today's era of rapid release development projects, finding vulnerabilities is not difficult. The WhiteHat Website Security Statistics report, released in May of 2013, states that 86% of websites tested by the company had at least one serious vulnerability which would allow an attacker to compromise all or part of that website. These vulnerabilities required an average of 193 days for remediation. (WhiteHat Security, 2013)Many security professionals have spent countless hours finding critical vulnerabilities only to have their reports treated with disdain and apathy by those whose skills and assistance is required to remediate the risk. The security landscape is replete with individuals and tools that can quickly find security vulnerabilities. Unfortunately, there are comparatively fewer individuals who can effectively manage the mitigation process to reduce business risk.This paper explores methods for managing the vulnerability mitigation process and winning others to the cause. Specifically, it explores how to apply principles of effective human relations that have stood the test of time.These principles, if applied consistently, will lead to healthier relationships between security and development teams, shorter vulnerability remediation times and ultimately reduced risk for the business.