YoVDO

The Etiology of Vulnerability Exploitation

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses Predictive Models Courses Vulnerability Management Courses Security Vulnerabilities Courses

Course Description

Overview

Explore the causation behind vulnerability exploitation in this 50-minute RSA Conference talk. Delve into an extensive analysis of tens of thousands of vulnerabilities, examining CVSS scores, CVE, NVD, and various data feeds to identify key factors influencing exploitation probability. Gain insights into improving vulnerability management by considering the broader context beyond technical aspects. Learn to critically evaluate existing vulnerability scoring systems and understand the importance of testing prioritization methods for remediation efforts. Examine the role of vendors in remediation, auto-patching considerations, and decision-making metrics. Discover a predictive model for exploitation probability and understand the contributing factors to real-world exploitation. Suitable for those with basic knowledge of vulnerability types and frameworks, this talk provides valuable insights for professionals working in or around security vulnerabilities and patch management.

Syllabus

Intro
Today's Journey...
Data Sources
Simplified View of Vulnerabilities
Things Happen Quick
Is CVSS used to prioritize IRL?
The Vendor Role in Remediation?
Top 3 Vendors
Top Products going unpatched
Probability of Patching
The Case for Auto-Patching
Measuring Remediation Decisions
Measuring Decisions: CVSS 10
Vendor-based Strategy
Predictive Model
What contributes to exploitation in the wild?
Predicting Probability: "well calibrated"
RSAConference 2019 San Francisco March 4-8 Moscone Center


Taught by

RSA Conference

Related Courses

Statistical Thinking for Data Science and Analytics
Columbia University via edX
Developing Big Data Solutions with Azure Machine Learning
Microsoft via edX
Bias and Discrimination in AI
Université de Montréal via edX
Inteligencia Artificial y Robótica
Universidad Anáhuac via edX
Planning with SAP Analytics Cloud
SAP Learning