.svg)
.svg)
How to work out MTTD (Mean Time to Detection)?
Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.
Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.
The first piece of information is around where a vulnerability may have been introduced, you need to be monitoring, measuring and capturing information about all of the various different changes and sources of potential vulnerabilities in order to truly understand the advent and the provenance.
The second thing you need to do is consolidate your understanding on what you consider to be a vulnerability. Do you consider something that a very paranoid SAST tool has highlighted as a potential deficiency to be a vulnerability? Or do you consider it to be a vulnerability when you've got a level of confidence in the validity of it when its been manually verified in some way?
You really need to have a system where you can funnel in all of these feeds of information about both the changes and about the vulnerabilities (with their related details) and combine these together in order to properly gauge your mean time to detection.
.svg)
Get a Free Trial From Cytix
Haven’t tried Cytix yet? Try our free trial to see how it works.
Get a Free Trial
.svg)
.svg)
Start Detecting Vulnerabilities Others Miss Today
- Detect Vulnerabilities Faster
- Patch Vulnerabilities Faster
- Be more compliant
.
28 Apr
2024
How do you understand performance over time?
.svg)
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
.
21 Apr
2024
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
.
21 Apr
2024
How do you work out MTTR (Mean Time to Response)?
MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end? When have we determined that the response period is finished?
