Vulnerability research - prototype VULR

(new)

The discovery, assessment and mitigation of security vulnerabilities.

Guidance notes

A security vulnerability is a weakness, flaw, or error found within a security system that has the potential to be leveraged by an external agent to compromise a secure system.

Vulnerability research activities include, but are not limited to:

  • researching new threats, attack vectors, risks and potential solutions
  • reverse engineering hardware or software
  • applying tools such as disassemblers, debuggers, and fuzzers
  • analysing embedded devices
  • identifying and exploiting common vulnerability patterns
  • developing techniques and tools to analyse and expose vulnerabilities
  • designing new vulnerability discovery techniques

Vulnerability research - prototype: Level 6

(new)

Plans and leads the organisation’s approach for vulnerability research. Identifies and assesses new and emerging threats and vulnerabilities. Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering and set the scope of the work. Engages with, and influences, relevant stakeholders to communicate results of research and the required response. Develops organisational policies and guidelines for monitoring emerging threats and vulnerabilities.

Vulnerability research - prototype: Level 5

(new)

Plans and manages vulnerability research and assessment activities. Maintains a strong external network within own area of specialism. Gathers information on new and emerging threats and vulnerabilities. Adopts and adapts vulnerability assessment techniques and tools to be used by others. Assesses and documents the impacts and threats to the organisation. Creates reports and shares knowledge and insights with others. Contributes to the development of organisational policies, standards, and guidelines for vulnerability research and assessment. Provides advice on vulnerability research to support others.

Vulnerability research - prototype: Level 4

(new)

Designs and executes complex vulnerability research and assessment activities. Specifies requirements for environment, data, resources and tools to perform assessments. Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Reports on system quality and collects metrics on test cases. Provides advice to support others. Makes an active contribution to research communities.

Vulnerability research - prototype: Level 3

(new)

Applies standard techniques and tools for vulnerability research and assessment. Uses available resources to update knowledge of relevant specialism. Participates in research communities. Analyses and reports on activities and results.