An Exploratory Study into Vulnerability Chaining Blindness Terminology and Viability
share
To tie together the concepts of linkage blindness and the inability to link vulnerabilities together in a Vulnerability Management Program (VMP), the researcher postulated new terminology. The terminology of vulnerability chaining blindness is proposed to understand the underlying issues behind vulnerability management and vulnerabilities that can be used in combination. The general problem is that IT and cybersecurity professionals have a difficult time identifying chained vulnerabilities due to the complexity of vulnerability prioritization and remediation (Abomhara Køien, 2015; Felmetsger et al., 2010). The specific problem is the inability to link and view multiple vulnerabilities in combination based on limited expertise and awareness of vulnerability chaining (Tang et al., 2017). The population of this study was limited to one focus group, within the IT and Security fields, within the United States. The sample size consisted of one focus group comprised of 8-10 IT and cybersecurity professionals. The research questions focused on if participants were aware of linkage blindness or vulnerability chaining, as well as if vulnerability chaining blindness would be applicable to describe the phenomenon. Several themes emerged through top-level, eclectic, and second-level coding data analysis. These themes included complexity in cybersecurity programs, new concepts in vulnerability management, as well as fear of the unknown and where security meets technology. Keywords: linkage blindness, vulnerability chaining, vulnerability chaining blindness, vulnerability management
READ FULL TEXT