Utilize Crowdstrike, AD, ElasticSearch, Qualys & Ivanti API queries and open-source intelligence sources to determine and score applications based on their cumulative vulnerability scores. Programmatically determine applications that are end-of-life and calculate probabilistic risk model for EoL applications. Create models for prioritized work to most effectively resolve.
This will permit us to gain visibility to Technical Debt that cannot be effectively patched, and help to identify substantive pools of unmanaged risk.
BONUS: Establishment of the intentionally vulnerable website (non-prod environment) to help train Application Security and enable the rollout of the CheckMarx application
ANTICIPATED DELIVERABLE: Application operating system with API ingestion to investors EOL application in CAS means of determining and ingesting sources of EOL data.Risk scoring weekly reporting
