
The Energy Collective Group
This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.
Shared Link
Terminology Confusion Regarding Vulnerability Reporting
The Log4j vulnerability that affected so many in the energy industry has highlighted the need to automate software vulnerability reporting by software vendors and enable software consumers to rapidly perform risk assessments whenever a new software vulnerability is reported. The existing "Security Bulletin", "read em and weep" approach is too inefficient, leaving our critical infrastructures vulnerable to cyber breaches over long periods of time. Automation is key to success - the only problem is "which vulnerability reporting format to use"? This article describes the various options available to report software vulnerabilities.
Terminology Confusion Regarding Vulnerability Reporting
It is imperative for society to take the steps needed to improve our risk assessment capabilities and improve response time when new vulnerabilities are discovered. Existing, labor intensive, slow and inefficient manual processes must be replaced.
Discussions
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Sign in to Participate