How CVSS is DOSsing Your Patching Policy - and Wasting Your Money

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Statistical Analysis Courses, Risk Analysis Courses, Vulnerability Management Courses

Course Description

Overview

This Black Hat USA 2013 conference talk is a critical analysis of the Common Vulnerability Scoring System (CVSS). It assesses how effective CVSS is as a risk metric and as a prioritization tool for vulnerability patching, using real attack data to examine the practical implications of basing security decisions on CVSS scores. The talk covers the risk of over-investment associated with CVSS-based patching strategies, which can reach up to 300% of an optimal approach, along with the statistical significance of the findings and their practical applications, so that you can evaluate whether CVSS is an effective way to prioritize vulnerability management in your organization. Topics include vulnerability assessment, data set analysis, exploitability factors, case control studies, sensitivity and specificity comparisons, and the impact of CVSS scores on patching policies.

Syllabus

Introduction
Vulnerabilities
What is CVSS
Double Vision
Insecurity
Data Sets
Distribution
Exploitability
Case Control Study
Comparison
Example
Sensitivity
Sensitivity vs Specificity
Pacing
Visualizing CVSS
Patching Policy
National Grid
Batches
Shock Analysis
CVSS Score
Temporal Scores
Temporal Information


Taught by

Black Hat
