Your Critical System Is - Not? - Vulnerable - CSAF, VEX, SBOM and the Future of Advisories

Explore the future of vulnerability advisories and critical system security in this 48-minute conference talk from BSidesLV 2021. Delve into key concepts like CSAF, VEX, and SBOM as Dr. Allan Friedman and Jens Wiesner discuss the evolution of vulnerability tracking, risk assessment, and supply chain security. Learn about vendor advisories, automation in security processes, and the impact on various sectors including medical devices and digital infrastructure. Gain insights into the White House Report on product security, open-source initiatives, and CSAF tools. Understand the big picture of cybersecurity advisories and their crucial role in protecting critical systems.

Intro
Vulnerability tracking
Timeline
What is CSAF
Why CSAF
Vendors advisories
Risk assessment
Evaluation phase
Automation
Input data
Benefits
Supply chain
Scaling
World Profile
Product Security
Suppliers
Medical Devices
Digital Infrastructure
White House Report
BScience Las Vegas
Open Source
CSAF Tools
Takeaways
The big picture