Introduction

Vulnerabilities and risks

Vulnerability management is all about managing and reducing risks in IT systems.

Because all software might have vulnerabilities (known or unknown), it is impossible to completely ensure that the software and IT equipment used in an IT system are free of vulnerabilities. However, by installing and configuring the network, servers, operating system, SQL server, cameras, and the XProtect VMS software in the right way, you greatly reduce the risk of exploitable vulnerabilities.

So, before you scan for and report vulnerabilities, you must follow our Milestone XProtect VMS Hardening Guide and Milestone XProtect Certificate Guide, which describe several security controls and recommendations that minimize the risks when deploying our XProtect VMS on the Microsoft Windows operating system.

If vulnerabilities are found in the Milestone XProtect software and, potentially, in Microsoft’s Windows operating system, and are reported to Milestone, we use the widely adopted CVSS (Common Vulnerability Scoring System) to determine the CVSS score and the risk of each vulnerability. Validated vulnerabilities are addressed according to our Vulnerability Management Policy.

In addition to responding to reported vulnerabilities, Milestone monitors the CVE (Common Vulnerabilities and Exposures) database for vulnerabilities related to the Microsoft Windows operating systems and to the open-source packages used in the Milestone XProtect VMS software. Vulnerabilities identified this way are also addressed according to our Vulnerability Management Policy.