信息安全漏洞全生命周期管理

Full life-cycle management of information security vulnerabilities

本文以某网上营业厅重置任意用户密码漏洞为线索,详细介绍了漏洞的概念以及漏洞的整个生命周期,包括漏洞的产生、发现、公开、管理和消亡,并详细介绍了漏洞在生命周期中每个阶段的成因、形式、发现方法和具体的应对措施。

In this paper, to an online business hall reset any user password vulnerability for clue, we introduced the concept of vulnerability, and vulnerability of the entire life cycle, including the generation of vulnerability discovery, disclosure, management and demise. Meanwhile, the paper described in detail the vulnerabilities in each stage in the life cycle of the causes, forms of discovery methods and specific measures to deal with.