Getting CVSS, NVD, and CVEs to Work for You - Standardizing and Scaling Your Vulnerability Risk Analysis

Explore a comprehensive analysis of vulnerability risk assessment in this 24-minute conference talk from BSidesLV 2019. Delve into the world of Common Vulnerability Exposures (CVEs), Common Vulnerability Scoring System (CVSS), and the National Vulnerability Database (NVD) to standardize and scale your organization's approach to vulnerability risk. Learn about stakeholder involvement, the importance of CVSS, and how to implement these tools effectively. Examine practical examples, including Base Score, Temporal Score, and Environmental Score components, as well as additional mitigations. Discover useful visualizations and understand the limitations of these systems. Conclude with a summary and audience Q&A session to solidify your understanding of vulnerability risk analysis techniques.