When is a Vulnerability Not a Vulnerability? Overcoming the Inundation of Noisy Supply Chain Security Alerts

Explore a counterintuitive approach to strengthening security in this 22-minute conference talk from Security BSides San Francisco. Discover how organizations can confidently ignore over 90% of security vulnerability alerts, using specific examples to illustrate this strategy. Learn how this approach enables a significant shift in security workflows and behavior, ultimately leading to more effective security practices. Gain insights into distinguishing between genuine vulnerabilities and noise in supply chain security alerts, allowing for more focused and efficient security management.

BSidesSF 2023 - When is a vulnerability not a vulnerability? Overcoming the... (Adam Berman)