Summary
In this chapter, we covered various activities associated with vulnerability management. We looked at vulnerability identification methods such as static and dynamic analysis, information gathering techniques (threat feeds, OSINT, pen testing, and bug bounties), and vulnerability scan data analysis. This included using CVSS and effective patch management to prioritize and remediate vulnerabilities, which are then documented in a management report.
The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 4.3 in your CompTIA Security+ certification exam.
The next chapter of the book is Chapter 17, Explain security alerting and monitoring concepts and tools.