The Good, the bad, and the vulnerable

The need for vulnerability management in the cloud creates new challenges and opportunities. In this report, the Wiz Security Research team discusses how vulnerability management in the cloud requires an understanding of both Application Security (AppSec) and Cloud Security (CloudSec). They also explore insights on vulnerability management in cloud environments — using recently identified vulnerabilities as examples — and share some insights into their methodology for vulnerability intelligence. 

Read the report to learn about:  

• Technology prioritization and vulnerability type prioritization 

• How the Security Research team uses CVSS (Common Vulnerability Scoring System) metrics and external vulnerability intelligence 

• What questions to ask when triaging vulnerabilities 

• Utilizing data on technology prevalence in cloud environments 

• Checking the public network exposure of vulnerable workloads