Getting CVSS, NVD, and CVEs to Work for You - Standardizing and Scaling Your Vulnerability Risk Analysis

Explore a comprehensive analysis of vulnerability risk assessment in this 24-minute conference talk from BSidesLV 2019. Delve into the world of Common Vulnerability Exposures (CVEs), Common Vulnerability Scoring System (CVSS), and the National Vulnerability Database (NVD) to standardize and scale your organization's approach to vulnerability risk. Learn about stakeholder involvement, the importance of CVSS, and how to implement these tools effectively. Examine practical examples, including Base Score, Temporal Score, and Environmental Score components, as well as additional mitigations. Discover useful visualizations and understand the limitations of these systems. Conclude with a summary and audience Q&A session to solidify your understanding of vulnerability risk analysis techniques.

Introduction
Disclaimer
Common Vulnerability Exposures
Stakeholders
Why are we using CSS
How do we get there
Example
Bass Score
Temporal Score
Environmental Score
Environmental Score Components
Additional Mitigations
Visualizations
Limitations
Summary
Audience Questions