Explore the nuances of vulnerability scanning in cloud-native projects through this insightful 30-minute conference talk by Shubha Badve and Ross Tannenbaum from Red Hat. Delve into the challenges of understanding vulnerability context and relevance, especially given the varying quality of scanners. Learn which vulnerability feeds are most helpful, what tools to utilize, and critically assess whether all vulnerabilities truly matter. Gain valuable insights on prioritizing elements in vulnerability scanners and identifying where the real value lies. Discover best practices for implementing and evaluating the success of a vulnerability scanner. By the end of the presentation, acquire a comprehensive understanding of the vulnerability scanner ecosystem, learn how to accurately assess vulnerabilities, and effectively integrate a vulnerability scanner into daily workflows. This talk is essential for professionals seeking to enhance their cloud-native security practices and make informed decisions about vulnerability management.
CVE Context Matters - Prioritizing Vulnerabilities in Cloud-Native Projects
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
CVE Context Matters, but Do All Vulnerabilities Really Matter? - Shubha Badve & Ross Tannenbaum
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Assessing Vulnerabilities and Reducing Risk
-
Vulnerability Management Best Practices and Common Pitfalls
-
Power of AI: DevSecOps and Cloud Artifact Signing Explored - Sessions 1 and 2
-
Scan, Patch, VEX - Using Open Source Tools to Manage Vulnerabilities in Containers
-
Are We Forever Doomed to Software Supply Chain Security?
-
Untrusted Execution - Attacking the Cloud Native Supply Chain
