We were more than pleased to read a new report by John Pescatore of Gartner recommending that security managers adopt the use of the Common Vulnerability Scoring System (CVSS) to support more repeatable, fast-acting vulnerability management processes.
This recommendation backs up the decision made by our CTO, Chris Wysopal, more than a year ago to adopt the CVSS standard as a part of the Veracode rating system.
Another interesting recommendation in the report is: "Enterprieses should ensure that processes are in place to detect, assess, and manage each software vulnerability class." You'll need a combination of static, dynamic and manual testing to do it all.
Gartner requires you to have a login to read the entire article.
On a side note, we are now linking to Technorati: