The Guerilla CISO blog recently posted a very interesting proposal on Federated Vulnerability Management. I think it’s a fantastic idea that should be seriously considered. If we use modern linked open data through some secure network channels, I think we could make this happen without writing much code, getting all the agency data we need through RESTful mashup technologies. We wouldn’t need any centralized servers and could really do it in a decentralized but fully federated and integrated way.
For architects, the relevant paragraph from the posting was the following:
Security architecture models (FEA anyone?) that show federated patch and vulnerability management deployments as part of their standard configuration. OK, with the firewall pictures and zones of trust, I understand what you’re saying; now give me patch and vulnerability management flows across all the zones so I can do the other 85% of my job.