Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How CVSS is DOSsing Your Patching Policy - and Wasting Your Money

Black Hat via YouTube

Overview

Explore a critical analysis of the Common Vulnerability Scoring System (CVSS) in this Black Hat USA 2013 conference talk. Delve into the effectiveness of CVSS as a risk metric and prioritization tool for vulnerability patching. Examine real attack data to assess the practical implications of using CVSS scores for security decision-making. Learn about the potential over-investment risks associated with CVSS-based patching strategies, which can reach up to 300% of an optimal approach. Gain insights into the statistical significance of the findings and their practical applications. Evaluate whether CVSS is truly an effective method for prioritizing vulnerability management in your organization. Cover topics such as vulnerability assessment, data set analysis, exploitability factors, case control studies, sensitivity and specificity comparisons, and the impact of CVSS scores on patching policies.

Syllabus

Introduction
Vulnerabilities
What is CVSS
Double Vision
Insecurity
Data Sets
Distribution
Exploitability
Case Control Study
Comparison
Example
Sensitivity
Sensitivity vs Specificity
Pacing
Visualizing CVSS
Patching Policy
National Grid
Batches
Shock Analysis
CVSS Score
Temporal Scores
Temporal Information

Taught by

Black Hat

Reviews

Start your review of How CVSS is DOSsing Your Patching Policy - and Wasting Your Money

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.