Explore a comprehensive conference talk on managing security vulnerabilities in released products. Learn why common solutions like relying solely on MITRE's CVE database or upgrading to the latest software versions are flawed. Discover alternatives, best practices for reducing time between fix announcements and deployments, and effective strategies for staying current with security issues. Delve into the complexities of security response management, CVE workflows, and tools for CVE system and build/source analysis. Examine the challenges of security management, including cost considerations and the differences between defect systems and security management. Get introduced to the SRTool and its features designed to implement best practices in vulnerability management.
Keeping Up with CVEs - Security Response Management Best Practices
Overview
Syllabus
Intro
Security Response Management
General Security Patch Workflow
Upstream CVE Sources
CVE Workflow: Out-of-order/Delayed
A High Profile CVE - Simplified
Volume of CVE Data: Issues
Volume of CVE Data: Example
Tools: CVE System Analysis
Tools: CVE Build/Source Analysis
Security Management: Issues
Security Management Services
Defect systems vs. Security Management
Cost overview: Necessary costs
Cost overview: Unnecessary costs
Best Practices (2)
Introducing the SRTool
Srtool Features for Best Practices
SRTool: Vulnerability Page Example
SRTool: Object Model
SRTool: Functional Layout
Conclusion
Taught by
Linux Foundation
Tags
Related Courses
-
Executive Vulnerability Management
-
Managing Information System Security Architecture
-
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
4.0 -
Vulnerability Management Best Practices and Common Pitfalls
-
Security Vulnerability Assessments - Process and Best Practices
-
Open Source Security: Best Practices for Early Detection and Risk Mitigation
