Summary
Hopefully, I didn’t blind you with too much science in this chapter—there were a lot of numbers to digest! Allow me to recap the key takeaways.
Risk is a combination of probability and impact. The Common Vulnerability Scoring System (CVSS) is used to estimate the risk for each vulnerability (CVE) in the National Vulnerability Database (NVD). This freely available data should be used to inform your vulnerability management program. Using vendors who have been successful at reducing the number of vulnerabilities in their products can potentially reduce the time, effort, and costs related to your vulnerability management program. If you choose vendors who have also invested in reducing attackers’ return on investment by making the exploitation of vulnerabilities in their products hard or impossible, you’ll also be reducing your risk and costs.
Of the vendors examined in this chapter, only Apple met the criteria of our...