{"id":23854,"date":"2023-02-26T22:21:02","date_gmt":"2023-02-26T22:21:02","guid":{"rendered":"https:\/\/phoenix.security\/?p=23854"},"modified":"2024-01-31T17:44:04","modified_gmt":"2024-01-31T17:44:04","slug":"vulnerability-management-framework","status":"publish","type":"post","link":"https:\/\/phoenix.security\/vulnerability-management-framework\/","title":{"rendered":"Vulnerability Management Framework\/ Maturity Model for application security and cloud security"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1091\" height=\"690\" src=\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\" alt=\"Vulnerability Management Assessment Process across application and cloud security\" class=\"wp-image-23871\" srcset=\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png 1091w, https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56-600x379.png 600w, https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56-768x486.png 768w\" sizes=\"(max-width: 1091px) 100vw, 1091px\" \/><\/figure>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title ez-toc-toggle\" style=\"cursor:pointer\">Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #4f46e5;color:#4f46e5\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #4f46e5;color:#4f46e5\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#vulnerability-management-process\" >Vulnerability Management Process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#why-we-created-the-vulnerability-management-process\" >Why we created the vulnerability management process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#vulnerability-triage-and-maturity-model-v1\" >Vulnerability Triage and Maturity Model V1<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#how-to-assess-your-maturity-level-for-vulnerabilities\" >How to assess your maturity level for vulnerabilities?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#get-on-improving-the-vulnerability-practices-with-the-vulnerability-management-framework-available-with-the-form-below-or-collaborating-on-git\" >Get on improving the vulnerability practices with the vulnerability management framework, available with the form below or collaborating on git<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#what-are-the-various-areas-of-vulnerability-triage\" >What are the various areas of vulnerability triage?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#what-is-a-vulnerability-triage-process\" >What is a vulnerability triage process?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#how-does-phoenix-security-help\" >How does phoenix security help?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#get-in-control-of-your-application-security-posture-and-vulnerability-management\" >Get in control of your Application Security posture and Vulnerability management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#what-are-the-different-maturity-levels-for-a-vulnerability-process\" >What are the different maturity levels for a vulnerability process?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#how-does-triaging-differ-between-application-security-and-infrastructure-security\" >How does triaging differ between application security and infrastructure security?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#conclusions\" >Conclusions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#phoenix-security-perspective\" >Phoenix security perspective<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"#\" data-href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/#get-in-control-of-your-application-security-posture-and-vulnerability-management-2\" >Get in control of your Application Security posture and Vulnerability management<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"vulnerability-management-process\"><\/span>Vulnerability Management Process<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Vulnerability Maturity Framework\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/videoseries?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\">Vulnerability management framework <\/figcaption><\/figure>\n\n\n\n<p>Organizations face an ever-increasing risk of cyberattacks and data breaches. Vulnerabilities are getting discovered faster than ever, with a 34% YoY increase of vulnerability discovery. Vulnerabilities are often tackled as they come from security scanners, leading to burnout of security professionals, with 50% of security engineers considering changing their profession entirely. This article explores the vulnerability management process that applies to application, cloud, and infrastructure security. <\/p>\n\n\n\n<p>To mitigate these risks, vulnerability management and triage have become essential components of an effective cybersecurity program. Vulnerability triage, in particular, plays a critical role in identifying, prioritizing, and remediating vulnerabilities to minimize the organization&#8217;s attack surface across applications, cloud and infrastructure. However, the process of vulnerability triage is not a one-size-fits-all approach and requires a maturity model that reflects the organization&#8217;s current state of readiness. This article will explore the evolution of vulnerability management and triage process maturity and how organizations can enhance their capabilities to manage and mitigate cybersecurity risks effectively.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-we-created-the-vulnerability-management-process\"><span class=\"ez-toc-section\" id=\"why-we-created-the-vulnerability-management-process\"><\/span>Why we created the vulnerability management process<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>We created the vulnerability maturity model to provide a quick and easy assessment method to define where you are in the vulnerability assessment process from triage.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-triage-and-maturity-model-v1\"><span class=\"ez-toc-section\" id=\"vulnerability-triage-and-maturity-model-v1\"><\/span>Vulnerability Triage and Maturity Model V1<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" width=\"975\" height=\"1024\" src=\"https:\/\/phoenix.security\/media\/image-63-1.jpg\" alt=\"Vulnerability management framework V1 \" class=\"wp-image-23869\" srcset=\"https:\/\/phoenix.security\/media\/image-63-1.jpg 975w, https:\/\/phoenix.security\/media\/image-63-1-571x600.jpg 571w, https:\/\/phoenix.security\/media\/image-63-1-768x807.jpg 768w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><figcaption class=\"wp-element-caption\">Vulnerability management framework V1 <\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-assess-your-maturity-level-for-vulnerabilities\"><span class=\"ez-toc-section\" id=\"how-to-assess-your-maturity-level-for-vulnerabilities\"><\/span>How to assess your maturity level for vulnerabilities?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You can assess your organisation against this model by completing the form below here, we are integrating the model inside <a href=\"https:\/\/owasp.org\/www-project-devsecops-maturity-model\/\">DSOMM<\/a> for easier integration and will be publishing a new whitepaper on this model in the upcoming months.&nbsp; <a href=\"https:\/\/github.com\/franksec42\/Vulnerability-managment-maturity\">The current collaborative work on git is here<\/a><\/p>\n\n\n\n<p>The model is also mapped back to <a href=\"https:\/\/owasp.org\/www-project-samm\/\">OWASP SAMM V2&nbsp;<\/a><\/p>\n\n\n\n<p>A more extended model can be found in part of the SANS<a href=\"https:\/\/www.sans.org\/blog\/vulnerability-management-maturity-model\/\"> Vulnerability management model.&nbsp;<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-get-on-improving-the-vulnerability-practices-with-the-vulnerability-management-framework-available-with-the-form-below-or-collaborating-on-git\"><span class=\"ez-toc-section\" id=\"get-on-improving-the-vulnerability-practices-with-the-vulnerability-management-framework-available-with-the-form-below-or-collaborating-on-git\"><\/span>Get on improving the vulnerability practices with the vulnerability management framework, available with the form below or collaborating on git<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-leadin-hubspot-form-block\">\n\t\t\t\t\t\t<script>\n\t\t\t\t\t\t\twindow.hsFormsOnReady = window.hsFormsOnReady || [];\n\t\t\t\t\t\t\twindow.hsFormsOnReady.push(()=>{\n\t\t\t\t\t\t\t\thbspt.forms.create({\n\t\t\t\t\t\t\t\t\tportalId: 9101757,\n\t\t\t\t\t\t\t\t\tformId: \"ebbe7500-c90d-4ef7-b173-775aa58bdb42\",\n\t\t\t\t\t\t\t\t\ttarget: \"#hbspt-form-1776629806000-0158162056\",\n\t\t\t\t\t\t\t\t\tregion: \"na1\",\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t})});\n\t\t\t\t\t\t<\/script>\n\t\t\t\t\t\t<div class=\"hbspt-form\" id=\"hbspt-form-1776629806000-0158162056\"><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-the-various-areas-of-vulnerability-triage\"><span class=\"ez-toc-section\" id=\"what-are-the-various-areas-of-vulnerability-triage\"><\/span>What are the various areas of vulnerability triage?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"754\" height=\"319\" src=\"https:\/\/phoenix.security\/media\/image-63.png\" alt=\"Vulnerability Management Assessment Process  steps across application and cloud security\" class=\"wp-image-23870\" style=\"width:754px;height:319px\" srcset=\"https:\/\/phoenix.security\/media\/image-63.png 754w, https:\/\/phoenix.security\/media\/image-63-600x254.png 600w\" sizes=\"(max-width: 754px) 100vw, 754px\" \/><figcaption class=\"wp-element-caption\">Vulnerability Management Assessment Process&#8217;s steps across application and cloud security.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detection\/Testing =<\/strong> identification of artefacts and tooling integration.<\/li>\n\n\n\n<li><strong>Aggregation\/Deduplication of vulnerabilities<\/strong> = describes the different maturity levels in aggregating vulnerabilities.&nbsp;<\/li>\n\n\n\n<li><strong>Prioritization <\/strong>= Describe the different levels of maturity for the prioritization process.<\/li>\n\n\n\n<li><strong>Vulnerability Actions =<\/strong> Describe the actions that can be taken to resolve vulnerabilities; the actions are tied to the implemented process and the measurements&#8217; maturity.<\/li>\n\n\n\n<li><strong>Vulnerability Processes =<\/strong> Describe the process of vulnerability triage and remediation.&nbsp;<\/li>\n\n\n\n<li><strong>Measurements = <\/strong>Describe how to measure vulnerability and processes.<\/li>\n<\/ul>\n\n\n\n<p>Future work: we will include two other areas in the model: deduplication and correlation\/contextualisation.<\/p>\n\n\n\n<p>Phoenix security helps with managing vulnerabilities across your <a href=\"https:\/\/phoenix.security\/phoenix-security-aspm-what-it-is-and-what-does-it-cover\/\">application<\/a> security <a href=\"https:\/\/phoenix.security\/navigating-the-maze-of-vulnerabilities-with-strategic-aspm\/\">with ASPM<\/a> and <a href=\"https:\/\/phoenix.security\/phoenix-security-aspm\/\">runtime environment <\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-a-vulnerability-triage-process\"><span class=\"ez-toc-section\" id=\"what-is-a-vulnerability-triage-process\"><\/span>What is a vulnerability triage process?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A vulnerability triage process is essential in ensuring an organization&#8217;s systems and applications are secure from malicious attacks. It involves a systematic approach to identifying and prioritizing vulnerabilities based on their level of severity (at the most basic level), risk (at the highest maturity level), and the potential impact they could have on an organization&#8217;s assets, data, and reputation. The triage process typically involves several steps, including discovery, assessment, prioritization, and scheduling of necessary work with relevant teams.<\/p>\n\n\n\n<p>The first step in the vulnerability triage process is discovery. The process involves identifying vulnerabilities within an organization&#8217;s infrastructure, applications, or systems. Identifying Vulnerabilities can be achieved through automated tools or manual analysis of code, vulnerability scan reports, and system reports. Once a vulnerability has been discovered, it is essential to document the details of the vulnerability, including its location, severity, and potential impact on the organization&#8217;s assets and data.<\/p>\n\n\n\n<p>The next step is assessment, which involves analyzing the vulnerability to determine its level of severity and potential impact. The Analysis may include testing the vulnerability to see if it can be exploited and to what extent. It is important to understand the technical details of the vulnerability, such as the root cause and potential attack vectors, as this information will inform the prioritization and scheduling of work.<\/p>\n\n\n\n<p>Once the vulnerability has been assessed, it is prioritized based on its severity level and potential impact. Vulnerabilities are typically classified into different categories, such as critical, high, medium, and low severity. The prioritization process considers the potential impact on the organization&#8217;s assets, data, and reputation and the likelihood of exploitation. This information is used to determine the level of urgency for remediation.<\/p>\n\n\n\n<p>After prioritization, the next step is to schedule the necessary work with the relevant teams. This may involve assigning tasks to internal or external teams, such as developers, system administrators, or third-party vendors. The scheduling process considers the availability of resources and the urgency of remediation. It is important to communicate the urgency of remediation to all relevant parties to ensure the necessary work is completed within a reasonable timeframe.<\/p>\n\n\n\n<p>The vulnerability triage process is essential in ensuring the security of an organization&#8217;s infrastructure, applications, and systems. It involves a systematic approach to identifying and prioritizing vulnerabilities based on their severity level and potential impact. The process typically involves several steps, including discovery, assessment, prioritization, and scheduling of necessary work with relevant teams. Organizations can effectively manage their security risks and protect their assets, data, and reputation by following a vulnerability triage process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-does-phoenix-security-help\"><span class=\"ez-toc-section\" id=\"how-does-phoenix-security-help\"><\/span>How does phoenix security help?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Phoenix security was created to help organizations quickly integrate several of those maturity elements and rapidly bring organizations to Maturity level 4, providing tools and process acceleration to incorporate the process and practices at the organizational level quickly and painlessly.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading has-text-align-center\" id=\"schedule-a-visit\" style=\"font-size:59px;line-height:1.15\"><span class=\"ez-toc-section\" id=\"get-in-control-of-your-application-security-posture-and-vulnerability-management\"><\/span><strong>Get in control of your Application Security posture and Vulnerability management <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-50\"><a class=\"wp-block-button__link has-vivid-purple-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/phoenix.security\/risk-assessment\/\" style=\"border-radius:50px;color:#ffffff\" target=\"_blank\" rel=\"noreferrer noopener\">Get a Demo today<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-the-different-maturity-levels-for-a-vulnerability-process\"><span class=\"ez-toc-section\" id=\"what-are-the-different-maturity-levels-for-a-vulnerability-process\"><\/span>What are the different maturity levels for a vulnerability process?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Level 0: Absent &#8211; At this level, the organization does not have a formal process for vulnerability scan, triage, discovery or assessment. Identifying and remedying vulnerabilities is reactive, from random discovery, and there is no systematic approach to prioritize vulnerabilities based on their severity, risk, context or potential impact.<\/li>\n\n\n\n<li>Level 1: Initial &#8211; The organization has a basic process\/policy for vulnerability scan and triage at this level. There is some awareness of the importance of vulnerability management, and vulnerabilities are tracked and reported to relevant teams. However, the process is still reactive, and remediation activities have no formal prioritization or scheduling.<\/li>\n\n\n\n<li>Level 2: Managed &#8211; At this level, the organization has a well-defined and managed process for vulnerability scan and some level of triage. Vulnerabilities are identified and tracked systematically, and there is an initial prioritization process based on the severity and potential impact of the vulnerability. Initial steps for SLA prioritization might be in place. There is some level of aggregation of vulnerability and measurement.<\/li>\n\n\n\n<li>Level 3: Defined &#8211; At this level, the organization has a mature and well-defined process for vulnerability scan\/test, discovery, triage and measured remediation, fully integrated into the overall security program. The process is well-documented and communicated to all relevant parties, and there are clear roles and responsibilities for vulnerability management. Vulnerabilities are prioritized based on a risk-based approach, and remediation activities are regularly monitored and reported. There is a well-defined approach to exception management with a mitigation approach.<\/li>\n\n\n\n<li>Level 4: Quantitatively Managed &#8211; At this level, the organization has a fully mature process for vulnerability scan\/test, discovery, triage and measured remediation that is data-driven and quantitatively managed. Vulnerabilities are prioritized based on a comprehensive risk assessment that considers exploitation&#8217;s likelihood and potential impact. There is ongoing monitoring and reporting on vulnerability management metrics, and the process is continually optimized based on data-driven insights. There is a well-defined approach to exception management, and rapid and systematic threat modeling with a mitigation approach.<\/li>\n\n\n\n<li>Level 5: Optimizing &#8211; At this level, the organization has a fully optimized and mature process for vulnerability scan\/test, discovery, triage and measured remediation that is continually tested and benchmarked, refined and improved. The process is fully integrated into the security program, with ongoing collaboration and communication across all relevant teams. The organization leverages the latest tools and techniques to identify and prioritize vulnerabilities, and there is a culture of continuous improvement and innovation in vulnerability management. There is a well-defined approach to exception management and rapid and systematic threat modelling with mitigations.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-does-triaging-differ-between-application-security-and-infrastructure-security\"><span class=\"ez-toc-section\" id=\"how-does-triaging-differ-between-application-security-and-infrastructure-security\"><\/span>How does triaging differ between application security and infrastructure security?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Complexity of Vulnerabilities: Application security vulnerabilities tend to be more complex and require a deeper understanding of the application&#8217;s underlying code and architecture. This makes it more challenging to identify and prioritize vulnerabilities, as it requires a higher level of technical expertise and specialized tools. On the other hand, infrastructure security vulnerabilities tend to be more straightforward to identify and remediate.<\/li>\n\n\n\n<li>Speed of Remediation: In application security, the speed of remediation is critical due to the fast-paced nature of software development. Applications are often updated and deployed frequently, so vulnerabilities must be addressed quickly to avoid disruption to development cycles. In infrastructure security, remediation tends to be more planned and scheduled, as infrastructure changes typically require more lead time.<\/li>\n\n\n\n<li>Tools and Processes: The tools and processes used in application security often differ from those used in infrastructure security. For example, application security may rely on automated tools to identify vulnerabilities in code. In contrast, infrastructure security may rely on manual checks and audits to identify vulnerabilities in network configurations and device settings.<\/li>\n\n\n\n<li>Risk Assessment: Risk assessment in application security often requires a deeper understanding of the application&#8217;s functionality and potential impact on the organization&#8217;s assets and data. In infrastructure security, risk assessment focuses on the potential impact on the organization&#8217;s network and devices.<\/li>\n\n\n\n<li>Collaboration: Collaboration between development and security teams is critical in application security, as developers need to understand the implications of vulnerabilities in their code and applications. Collaboration may be more limited in infrastructure security, as infrastructure changes tend to be managed by dedicated IT teams.<\/li>\n<\/ol>\n\n\n\n<p>In summary, while there are some similarities in the triage process between application and infrastructure security, several key differences exist. Application security tends to be more complex and requires higher technical expertise, while infrastructure security tends to be more straightforward. The speed of remediation, tools and processes, risk assessment, and collaboration are all factors that can impact the triage process in different ways in these two areas of security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusions\"><span class=\"ez-toc-section\" id=\"conclusions\"><\/span>Conclusions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Vulnerability triage is a complex process that can be broken down into several aspects. Trying to tackle everything at a high maturity level can be overwhelming and lead to dissatisfaction. Starting with a limited scope, defining several activities around vulnerability management is key to progress systematically towards a higher maturity level.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-phoenix-security-perspective\"><span class=\"ez-toc-section\" id=\"phoenix-security-perspective\"><\/span>Phoenix security perspective<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>From running vulnerability management at scale for application security and cloud security, we learned many lessons about what works and does not. Every organization has its process, maturity and procedures.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1063\" height=\"1122\" src=\"https:\/\/phoenix.security\/media\/image-63.jpg\" alt=\"Vulnerability Management Framework High Maturity - Phoenix  Assessment Process steps across application and cloud security\" class=\"wp-image-23868\" srcset=\"https:\/\/phoenix.security\/media\/image-63.jpg 1063w, https:\/\/phoenix.security\/media\/image-63-568x600.jpg 568w, https:\/\/phoenix.security\/media\/image-63-768x811.jpg 768w\" sizes=\"(max-width: 1063px) 100vw, 1063px\" \/><figcaption class=\"wp-element-caption\">Vulnerability Management Framework High Maturity &#8211; Phoenix  Assessment Process steps across application and cloud security.<\/figcaption><\/figure>\n\n\n\n<p>Phoenix security is here to help every organization progress on the journey of vulnerability evolution and resolution of vulnerabilities without burnout. Phoenix Security would enable us to progress quickly to Maturity 4, automating measurements and processes with minimal work effort.&nbsp; You can schedule a free consultation with one of our experts to assess your organization&#8217;s maturity level. To know more about how we can automate the discovery of assets, triage and prioritization, schedule a demo call with us.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading has-text-align-center\" id=\"schedule-a-visit\" style=\"font-size:59px;line-height:1.15\"><span class=\"ez-toc-section\" id=\"get-in-control-of-your-application-security-posture-and-vulnerability-management-2\"><\/span><strong>Get in control of your Application Security posture and Vulnerability management <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-2 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-50\"><a class=\"wp-block-button__link has-vivid-purple-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/phoenix.security\/risk-assessment\/\" style=\"border-radius:50px;color:#ffffff\" target=\"_blank\" rel=\"noreferrer noopener\">Get a Demo today<\/a><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities  to resolutions triaging application and cloud security<\/p>\n","protected":false},"author":5,"featured_media":23871,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","postBodyCss":"","postBodyMargin":[],"postBodyPadding":[],"postBodyBackground":{"backgroundType":"classic","gradient":""},"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","footnotes":""},"categories":[5,24,48,55],"tags":[6,37,211,130,131,40,58,213],"class_list":["post-23854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-appsec","category-cloudsec","category-prioritization-appsec","category-vulnerability","tag-appsec","tag-cybersecurity","tag-framework","tag-prioritization","tag-risk-based-priority","tag-vulnerabilities","tag-vulnerability","tag-vulnframework"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerability Managment Framework - Application Security - Code to Cloud<\/title>\n<meta name=\"description\" content=\"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/phoenix.security\/vulnerability-management-framework\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Management Framework\/ Maturity Model for application security and cloud security\" \/>\n<meta property=\"og:description\" content=\"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/phoenix.security\/vulnerability-management-framework\/\" \/>\n<meta property=\"og:site_name\" content=\"Phoenix Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/AppSecPhoenix\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-26T22:21:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-31T17:44:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1091\" \/>\n\t<meta property=\"og:image:height\" content=\"690\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Francesco Cipollone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@appsecphoenix\" \/>\n<meta name=\"twitter:site\" content=\"@appsecphoenix\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesco Cipollone\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/\"},\"author\":{\"name\":\"Francesco Cipollone\",\"@id\":\"https:\/\/phoenix.security\/#\/schema\/person\/3c103468a2b2b951ba16b39b81557815\"},\"headline\":\"Vulnerability Management Framework\/ Maturity Model for application security and cloud security\",\"datePublished\":\"2023-02-26T22:21:02+00:00\",\"dateModified\":\"2024-01-31T17:44:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/\"},\"wordCount\":1898,\"publisher\":{\"@id\":\"https:\/\/phoenix.security\/#organization\"},\"image\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\",\"keywords\":[\"appsec\",\"cybersecurity\",\"framework\",\"prioritization\",\"risk-based-priority\",\"vulnerabilities\",\"vulnerability\",\"vulnframework\"],\"articleSection\":[\"AppSec\",\"CloudSec\",\"Prioritization\",\"Vulnerability\"],\"inLanguage\":\"en-GB\",\"copyrightYear\":\"2023\",\"copyrightHolder\":{\"@id\":\"https:\/\/phoenix.security\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/\",\"url\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/\",\"name\":\"Vulnerability Managment Framework - Application Security - Code to Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/phoenix.security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\",\"datePublished\":\"2023-02-26T22:21:02+00:00\",\"dateModified\":\"2024-01-31T17:44:04+00:00\",\"description\":\"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security\",\"breadcrumb\":{\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/phoenix.security\/vulnerability-management-framework\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage\",\"url\":\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\",\"contentUrl\":\"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png\",\"width\":1091,\"height\":690,\"caption\":\"Vulnerability Management Assessment Process across application and cloud security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/phoenix.security\/vulnerability-management-framework\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/phoenix.security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Management Framework\/ Maturity Model for application security and cloud security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/phoenix.security\/#website\",\"url\":\"https:\/\/phoenix.security\/\",\"name\":\"Phoenix Security\",\"description\":\"Contextualize Prioritize and ACT ON RISK\",\"publisher\":{\"@id\":\"https:\/\/phoenix.security\/#organization\"},\"alternateName\":\"Phoenix Security Platform\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/phoenix.security\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/phoenix.security\/#organization\",\"name\":\"AppSec Phoenix\",\"alternateName\":\"Phoenix Security Platform\",\"url\":\"https:\/\/phoenix.security\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/phoenix.security\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/phoenix.security\/media\/Smart-Application-Security-copy.png\",\"contentUrl\":\"https:\/\/phoenix.security\/media\/Smart-Application-Security-copy.png\",\"width\":2560,\"height\":2530,\"caption\":\"AppSec Phoenix\"},\"image\":{\"@id\":\"https:\/\/phoenix.security\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/AppSecPhoenix\/\",\"https:\/\/x.com\/appsecphoenix\",\"https:\/\/www.instagram.com\/appsecphx\/\",\"https:\/\/www.linkedin.com\/company\/appsecphoenix\",\"https:\/\/www.youtube.com\/channel\/UC6TyzLt6UnL9mmC5ynrrNLw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/phoenix.security\/#\/schema\/person\/3c103468a2b2b951ba16b39b81557815\",\"name\":\"Francesco Cipollone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/phoenix.security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/phoenix.security\/media\/cropped-Frank-Bio-Purple-circle-96x96.png\",\"contentUrl\":\"https:\/\/phoenix.security\/media\/cropped-Frank-Bio-Purple-circle-96x96.png\",\"caption\":\"Francesco Cipollone\"},\"description\":\"Francesco is an internationally renowned public speaker, with\u00a0multiple interviews in high-profile publications (eg.\u00a0Forbes), and\u00a0an\u00a0author of numerous books and articles, who utilises his\u00a0platform to\u00a0evangelize the importance of\u00a0Cloud security and\u00a0cutting-edge technologies on a global scale.\",\"url\":\"https:\/\/phoenix.security\/author\/fcphoenix-security\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Vulnerability Managment Framework - Application Security - Code to Cloud","description":"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phoenix.security\/vulnerability-management-framework\/","og_locale":"en_GB","og_type":"article","og_title":"Vulnerability Management Framework\/ Maturity Model for application security and cloud security","og_description":"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security","og_url":"https:\/\/phoenix.security\/vulnerability-management-framework\/","og_site_name":"Phoenix Security","article_publisher":"https:\/\/www.facebook.com\/AppSecPhoenix\/","article_published_time":"2023-02-26T22:21:02+00:00","article_modified_time":"2024-01-31T17:44:04+00:00","og_image":[{"width":1091,"height":690,"url":"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png","type":"image\/png"}],"author":"Francesco Cipollone","twitter_card":"summary_large_image","twitter_creator":"@appsecphoenix","twitter_site":"@appsecphoenix","twitter_misc":{"Written by":"Francesco Cipollone","Estimated reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#article","isPartOf":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/"},"author":{"name":"Francesco Cipollone","@id":"https:\/\/phoenix.security\/#\/schema\/person\/3c103468a2b2b951ba16b39b81557815"},"headline":"Vulnerability Management Framework\/ Maturity Model for application security and cloud security","datePublished":"2023-02-26T22:21:02+00:00","dateModified":"2024-01-31T17:44:04+00:00","mainEntityOfPage":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/"},"wordCount":1898,"publisher":{"@id":"https:\/\/phoenix.security\/#organization"},"image":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage"},"thumbnailUrl":"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png","keywords":["appsec","cybersecurity","framework","prioritization","risk-based-priority","vulnerabilities","vulnerability","vulnframework"],"articleSection":["AppSec","CloudSec","Prioritization","Vulnerability"],"inLanguage":"en-GB","copyrightYear":"2023","copyrightHolder":{"@id":"https:\/\/phoenix.security\/#organization"}},{"@type":"WebPage","@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/","url":"https:\/\/phoenix.security\/vulnerability-management-framework\/","name":"Vulnerability Managment Framework - Application Security - Code to Cloud","isPartOf":{"@id":"https:\/\/phoenix.security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage"},"image":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage"},"thumbnailUrl":"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png","datePublished":"2023-02-26T22:21:02+00:00","dateModified":"2024-01-31T17:44:04+00:00","description":"Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security","breadcrumb":{"@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phoenix.security\/vulnerability-management-framework\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#primaryimage","url":"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png","contentUrl":"https:\/\/phoenix.security\/media\/Screenshot-2023-02-25-at-20.50.56.png","width":1091,"height":690,"caption":"Vulnerability Management Assessment Process across application and cloud security"},{"@type":"BreadcrumbList","@id":"https:\/\/phoenix.security\/vulnerability-management-framework\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/phoenix.security\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Management Framework\/ Maturity Model for application security and cloud security"}]},{"@type":"WebSite","@id":"https:\/\/phoenix.security\/#website","url":"https:\/\/phoenix.security\/","name":"Phoenix Security","description":"Contextualize Prioritize and ACT ON RISK","publisher":{"@id":"https:\/\/phoenix.security\/#organization"},"alternateName":"Phoenix Security Platform","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phoenix.security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/phoenix.security\/#organization","name":"AppSec Phoenix","alternateName":"Phoenix Security Platform","url":"https:\/\/phoenix.security\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/phoenix.security\/#\/schema\/logo\/image\/","url":"https:\/\/phoenix.security\/media\/Smart-Application-Security-copy.png","contentUrl":"https:\/\/phoenix.security\/media\/Smart-Application-Security-copy.png","width":2560,"height":2530,"caption":"AppSec Phoenix"},"image":{"@id":"https:\/\/phoenix.security\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/AppSecPhoenix\/","https:\/\/x.com\/appsecphoenix","https:\/\/www.instagram.com\/appsecphx\/","https:\/\/www.linkedin.com\/company\/appsecphoenix","https:\/\/www.youtube.com\/channel\/UC6TyzLt6UnL9mmC5ynrrNLw"]},{"@type":"Person","@id":"https:\/\/phoenix.security\/#\/schema\/person\/3c103468a2b2b951ba16b39b81557815","name":"Francesco Cipollone","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/phoenix.security\/#\/schema\/person\/image\/","url":"https:\/\/phoenix.security\/media\/cropped-Frank-Bio-Purple-circle-96x96.png","contentUrl":"https:\/\/phoenix.security\/media\/cropped-Frank-Bio-Purple-circle-96x96.png","caption":"Francesco Cipollone"},"description":"Francesco is an internationally renowned public speaker, with\u00a0multiple interviews in high-profile publications (eg.\u00a0Forbes), and\u00a0an\u00a0author of numerous books and articles, who utilises his\u00a0platform to\u00a0evangelize the importance of\u00a0Cloud security and\u00a0cutting-edge technologies on a global scale.","url":"https:\/\/phoenix.security\/author\/fcphoenix-security\/"}]}},"_links":{"self":[{"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/posts\/23854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/comments?post=23854"}],"version-history":[{"count":7,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/posts\/23854\/revisions"}],"predecessor-version":[{"id":30374,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/posts\/23854\/revisions\/30374"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/media\/23871"}],"wp:attachment":[{"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/media?parent=23854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/categories?post=23854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phoenix.security\/wp-json\/wp\/v2\/tags?post=23854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}