Explore a conference talk that delves into the challenges of managing vulnerabilities in large-scale IT infrastructure. Learn how Japan's largest telecom carrier developed a practical Stakeholder-Specific Vulnerability Categorization (SSVC) method to prioritize and efficiently respond to vulnerabilities. Discover the results of applying this SSVC method to over 50,000 vulnerabilities, revealing that only 8% required immediate attention. Gain insights into the issues faced with traditional CVSS scoring, the benefits of SSVC, and how to implement this method for more effective vulnerability management in your own organization.
Reassessing 50,000 Vulnerabilities: Insights from SSVC Evaluations in Japan's Largest Telco
Overview
Syllabus
Ground Truth, Tue, Aug 6, 20:30 - Tue, Aug 6, CDT
Taught by
BSidesLV
