Keeping Up with CVEs - Security Response Management Best Practices

Explore a comprehensive conference talk on managing security vulnerabilities in released products. Learn why common solutions like relying solely on MITRE's CVE database or upgrading to the latest software versions are flawed. Discover alternatives, best practices for reducing time between fix announcements and deployments, and effective strategies for staying current with security issues. Delve into the complexities of security response management, CVE workflows, and tools for CVE system and build/source analysis. Examine the challenges of security management, including cost considerations and the differences between defect systems and security management. Get introduced to the SRTool and its features designed to implement best practices in vulnerability management.

Intro
Security Response Management
General Security Patch Workflow
Upstream CVE Sources
CVE Workflow: Out-of-order/Delayed
A High Profile CVE - Simplified
Volume of CVE Data: Issues
Volume of CVE Data: Example
Tools: CVE System Analysis
Tools: CVE Build/Source Analysis
Security Management: Issues
Security Management Services
Defect systems vs. Security Management
Cost overview: Necessary costs
Cost overview: Unnecessary costs
Best Practices (2)
Introducing the SRTool
Srtool Features for Best Practices
SRTool: Vulnerability Page Example
SRTool: Object Model
SRTool: Functional Layout
Conclusion