Discovering Assets and Determining Ownership

Episode 14 December 9, 2022
YouTube video

Ownership: a too-often neglected element of vulnerability management, even though it’s just as important as any step before or after. Passing the torch anywhere other than to a specific person or team is a good way to watch it burn out in a dark oubliette of Jira. It’s up to security to understand the scope of ownership around an asset and appropriately assign responsibility throughout the lifecycle of its associated risk finding(s). Tickets need the right caretakers—lest we start an orphanage for the droves of address-less vulnerabilities.