Creating a vulnerability map is beneficial for a planned software system because:
- It lists all known vulnerabilities. Without such a list, a team may release an application while still ignorant of its flaws.
- It helps in business and technical decision-making. A programming language, an operating system, or a particular DBMS each brings its own inherent vulnerabilities. Being aware of the cumulative set of these vulnerabilities leads to informed business and technical decisions; not knowing about them leads to uninformed and inherently weak decisions.
- It helps the team produce a plan to deal with them. Each vulnerability can be assessed and verified, and the risk associated with it can then be accepted, mitigated, or transferred. This leads to robust and secure software that springs no unpleasant security surprises on release.
- It helps the team reduce the attack surface and thus substantially reduce risk.
- A vulnerability map can trigger a "Software Vulnerability Management Lifecycle" and lead to the building of secure software.
The following diagram, by Secunia Research, depicts one such lifecycle.