Vulnerability-Based Analysis 

Vulnerability-based analysis (VBA) is performed in the areas, such as security testing, operational security, and structural security. While this can, should, and will be applied to any domain, Shamrock Cyber’s current focus is software assurance. The three segments of VBA are:

• Structural Security – the security of a system based on its construction. For software assurance, this means static application security testing and open-source analysis.
• Operational Security – the security of the system’s behavior while in operation. For software assurance, this means dynamic application security testing.
• Security Testing – the scenario-based, comprehensive security testing.

Outcome

The objective of VBA is to perform an analysis that eliminates false positives, summarizes the vulnerabilities, and makes recommendations. The Shamrock Cyber Vulnerability Profile provides customized guidance and allows the system owner to prioritize vulnerabilities.