How do you protect your company against known vulnerabilities?

How do you protect your company against known vulnerabilities? It starts by having an inventory of all the software, client-side and server-side, that you are using (including plugins) and its dependencies and having it continuously updated. Make sure there is a centralized list that has the knowledge of all software and the versions installed. The list should be updated autonomously and automatically. Otherwise, you might get the chance of having an outdated list. If somebody is unavailable and somebody else updates something or forgets to update something then that's the beginning of a problem. Make sure the list can update itself otherwise you have no guarantee that your list is up-to-date.

Now that you have a list and know what to look out for you can be on the lookout. Use software composition analysis tools to automate the process of continuously monitoring sources like the National Vulnerability Database. This way you prevent your company from being dependent on a person or team that reads the latest vulnerabilities. What if they miss something? What if they unexpectedly unavailable? What if...? You have an automated solution that notifies you the moment a vulnerability sees the daylight.

How do you protect your company against known vulnerabilities?

ASP.NET Core SignalR - what has changed?

Virtual patch - Protect yourself against a zero-day vulnerability