Security Testing

How to work out MTTD (Mean Time to Detection)?

Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.
Thomas Ballin
1 minute read

Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.

The first piece of information is around where a vulnerability may have been introduced, you need to be monitoring, measuring and capturing information about all of the various different changes and sources of potential vulnerabilities in order to truly understand the advent and the provenance.

The second thing you need to do is consolidate your understanding on what you consider to be a vulnerability. Do you consider something that a very paranoid SAST tool has highlighted as a potential deficiency to be a vulnerability? Or do you consider it to be a vulnerability when you've got a level of confidence in the validity of it when its been manually verified in some way?

You really need to have a system where you can funnel in all of these feeds of information about both the changes and about the vulnerabilities (with their related details) and combine these together in order to properly gauge your mean time to detection.

Security Testing

How to work out MTTD (Mean Time to Detection)?

Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.
Thomas Ballin
3
min read

Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.

The first piece of information is around where a vulnerability may have been introduced, you need to be monitoring, measuring and capturing information about all of the various different changes and sources of potential vulnerabilities in order to truly understand the advent and the provenance.

The second thing you need to do is consolidate your understanding on what you consider to be a vulnerability. Do you consider something that a very paranoid SAST tool has highlighted as a potential deficiency to be a vulnerability? Or do you consider it to be a vulnerability when you've got a level of confidence in the validity of it when its been manually verified in some way?

You really need to have a system where you can funnel in all of these feeds of information about both the changes and about the vulnerabilities (with their related details) and combine these together in order to properly gauge your mean time to detection.

Prioritise Your Testing Programme Around Your Development Schedule

Detect Vulnerabilities Faster
Patch Vulnerabilities Faste
Be more compliant
Book a Demo

Related Posts

Vulnerability Management
How do you understand performance over time?
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
Thomas Ballin
February 2, 2021
Security Testing
Automated penetration testing - 5 key business benefits
Automated penetration testing is becoming increasingly popular. But how does this compare to manual penetration testing? Understand the main key benefits.
Thomas Ballin
June 4, 2024
Vulnerability Management
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
Thomas Ballin
June 4, 2024