The Etiology of Vulnerability Exploitation

Explore the causation behind vulnerability exploitation in this 50-minute RSA Conference talk. Delve into an extensive analysis of tens of thousands of vulnerabilities, examining CVSS scores, CVE, NVD, and various data feeds to identify key factors influencing exploitation probability. Gain insights into improving vulnerability management by considering the broader context beyond technical aspects. Learn to critically evaluate existing vulnerability scoring systems and understand the importance of testing prioritization methods for remediation efforts. Examine the role of vendors in remediation, auto-patching considerations, and decision-making metrics. Discover a predictive model for exploitation probability and understand the contributing factors to real-world exploitation. Suitable for those with basic knowledge of vulnerability types and frameworks, this talk provides valuable insights for professionals working in or around security vulnerabilities and patch management.

Intro
Today's Journey...
Data Sources
Simplified View of Vulnerabilities
Things Happen Quick
Is CVSS used to prioritize IRL?
The Vendor Role in Remediation?
Top 3 Vendors
Top Products going unpatched
Probability of Patching
The Case for Auto-Patching
Measuring Remediation Decisions
Measuring Decisions: CVSS 10
Vendor-based Strategy
Predictive Model
What contributes to exploitation in the wild?
Predicting Probability: "well calibrated"
RSAConference 2019 San Francisco March 4-8 Moscone Center