Overview
Explore the risks associated with third-party libraries in this Black Hat conference talk. Delve into vulnerability statistics, exposure metrics, and case studies of companies addressing patch management challenges. Learn how to evaluate vendor and product security using metrics beyond vulnerability counts and patch frequency. Understand the concept of Time of Exposure and its impact on risk assessment. Discover concrete actions to mitigate risks in your environment, including strategies for working with vendors, prioritizing vulnerabilities, and communicating with leadership. Gain insights into source code scanning, active testing, and streaming vulnerability management techniques to enhance your organization's security posture.
Syllabus
Intro
Vulnerability Statistics
Scary Poodle
Library Data
Library Data Breakdown
Vulnerability Timeline Exposure Metrics
Why Care
VTime
Dates
Time To Patch
Metrics
Seagate Nass
Oyun
Technical Support
When To Contact Vendors
Average Patch Time
Zero Day
Exploit Availability
Exposure Analysis
Why Does This Matter
How Long Does The Patch Take
Time Of Exposure
Black Hat
Excel
VMware
Source Code Scanning
Active Testing
Streaming Vulnerability
Prioritization Matters
Manage Your Risk
Talk To Your Leadership
Work With Vendors
Contact Us
Taught by
Black Hat