
Vulnerability study

Conduct applied research to detect, assess and mitigate new or unknown vulnerabilities and security weaknesses.

Methodological Guidelines:

A security vulnerability is a weakness, flaw, or bug detected in a security system that could potentially be exploited by an external agent to compromise a protected system.

Activities may include, but are not limited to:

Examining new threats, attack vectors, risks, and potential solutions

Reverse engineering of hardware or software applications using tools such as disassemblers, debuggers and fuzzers

Analysis of embedded devices

Development of methods and tools for vulnerability analysis and detection

Development of new vulnerability detection methods

Sharing mitigation techniques with relevant stakeholders

Vulnerability Research: level 3

Applies standard methods and tools for vulnerability research. Uses available resources to update knowledge of relevant specialization. Participates in research communities.

Analyzes and reports on activities and results.

Vulnerability Research: level 4

Develops and performs complex vulnerability research activities. Determines requirements for environment, data, resources, and tools for assessments. Analyzes test results and modifies tests as necessary. Creates reports to communicate methodology, results, and conclusions. Advises on cheating techniques using identified patterns. Contributes actively to the research communities.

Vulnerability Research: level 5

Plans and manages vulnerability research activities. Maintains a strong external network in vulnerability research. Gathers information on new and emerging threats and vulnerabilities. Assesses and documents impact and threats to the organization. Creates reports and shares knowledge and insights with stakeholders. Provides expert advice and guidance to support the implementation of vulnerability research tools and techniques. Contributes to the development of organizational policies, standards, and guidelines for vulnerability research and assessment.

Vulnerability Research: level 6

Plans and directs the organization's approach to vulnerability research. Identifies new and emerging threats and vulnerabilities. Maintains a strong external network. Leads participation in external professional activities that help gather information and determine the scope of research work. Interacts with and influences relevant stakeholders to communicate research findings and necessary responses. Develops organizational policies and guidelines for monitoring emerging threats and vulnerabilities.