Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management. We also thank our sponsor Nucleus Security for supporting this episode.
Consistently tracking and prioritizing vulnerabilities is a difficult problem. This episode discusses it in detail and helps you increase your understanding of:
- Various application security scanning tools (SAST, DAST, SCA, Container, IoT, Secret Scanners, Cloud Security Scans, ...) and why companies need so many
- How CVSS base scores are actually calculated, so you can understand their strengths and weaknesses
- How Threat Intelligence Data improves CVSS scoring
- Knowing which vulnerabilities are being actively exploited by bad actors through the CISA Known Exploited Vulnerabilities Catalog
- Knowing which vulnerabilities are being exploited in your industry or organization
- Knowing how the Exploit Prediction Scoring System (EPSS) can predict which vulnerabilities will be exploited soon
- Learning about the Stakeholder-Specific Vulnerability Categorization Guide (SSVC)
Note: a full transcript of this podcast can be found here:
https://docs.google.com/document/d/1dWDS8rd-iscZuZ28U27IBuPPfrlFAV69/