How CVSS is DOSsing Your Patching Policy - and Wasting Your Money
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical analysis of the Common Vulnerability Scoring System (CVSS) in this Black Hat USA 2013 conference talk. Delve into the effectiveness of CVSS as a risk metric and prioritization tool for vulnerability patching. Examine real attack data to assess the practical implications of using CVSS scores for security decision-making. Learn about the potential over-investment risks associated with CVSS-based patching strategies, which can reach up to 300% of an optimal approach. Gain insights into the statistical significance of the findings and their practical applications. Evaluate whether CVSS is truly an effective method for prioritizing vulnerability management in your organization. Cover topics such as vulnerability assessment, data set analysis, exploitability factors, case control studies, sensitivity and specificity comparisons, and the impact of CVSS scores on patching policies.
Syllabus
Introduction
Vulnerabilities
What is CVSS
Double Vision
Insecurity
Data Sets
Distribution
Exploitability
Case Control Study
Comparison
Example
Sensitivity
Sensitivity vs Specificity
Pacing
Visualizing CVSS
Patching Policy
National Grid
Batches
Shock Analysis
CVSS Score
Temporal Scores
Temporal Information
Taught by
Black Hat
Related Courses
Financing and Investing in InfrastructureUniversità Bocconi via Coursera Emergency Management
Open2Study Les principes de la finance
Université catholique de Louvain via edX 《実務・資格講座》新規事業開発スキル (gb008)
CICOM BRAINS via gacco La gestión de los riesgos y la administración de los cambios en el proyecto
University of California, Irvine via Coursera