A Vulnerability Database Should Not Be About Vulnerabilities
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore a thought-provoking conference talk that challenges conventional thinking about vulnerability databases. Delve into the current state of these databases and uncover the "Telephone Game Problem" affecting data integrity. Examine the importance of trust and the concept of putting packages first. Investigate why focusing on vulnerable code is crucial and learn about tools and data sources for effective vulnerability management. Discover techniques for aggregating, correlating, and refining data across multiple levels. Address challenges such as growth packages, missing packages, and duplicated data. Gain insights into future plans for improving vulnerability databases and enhancing overall cybersecurity practices.
Syllabus
Introduction
Agenda
State of Vulnerability Databases
Telephone Game Problem
Trust
Package First
Why vulnerable code
Tools
Data Source
Aggregate Correlate
Multilevel Refinement
Growth Packages
Missing Packages
Duplicated Data
Other Issues
Future Plans
Outro
Taught by
Linux Foundation
Tags
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network