The Etiology of Vulnerability Exploitation
Offered By: RSA Conference via YouTube
Course Description
Overview
Explore the causation behind vulnerability exploitation in this 50-minute RSA Conference talk. Delve into an extensive analysis of tens of thousands of vulnerabilities, examining CVSS scores, CVE, NVD, and various data feeds to identify key factors influencing exploitation probability. Gain insights into improving vulnerability management by considering the broader context beyond technical aspects. Learn to critically evaluate existing vulnerability scoring systems and understand the importance of testing prioritization methods for remediation efforts. Examine the role of vendors in remediation, auto-patching considerations, and decision-making metrics. Discover a predictive model for exploitation probability and understand the contributing factors to real-world exploitation. Suitable for those with basic knowledge of vulnerability types and frameworks, this talk provides valuable insights for professionals working in or around security vulnerabilities and patch management.
Syllabus
Intro
Today's Journey...
Data Sources
Simplified View of Vulnerabilities
Things Happen Quick
Is CVSS used to prioritize IRL?
The Vendor Role in Remediation?
Top 3 Vendors
Top Products going unpatched
Probability of Patching
The Case for Auto-Patching
Measuring Remediation Decisions
Measuring Decisions: CVSS 10
Vendor-based Strategy
Predictive Model
What contributes to exploitation in the wild?
Predicting Probability: "well calibrated"
RSAConference 2019 San Francisco March 4-8 Moscone Center
Taught by
RSA Conference
Related Courses
Statistical Thinking for Data Science and AnalyticsColumbia University via edX Developing Big Data Solutions with Azure Machine Learning
Microsoft via edX Bias and Discrimination in AI
Université de Montréal via edX Inteligencia Artificial y Robótica
Universidad Anáhuac via edX Planning with SAP Analytics Cloud
SAP Learning