May 15, 2024

Chris Hughes, Author of Effective Vulnerability Management

43 minutes

Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including:

The definition and scope of vulnerabilities. It's much more than coding errors that need patches.
Are ICS protocols lacking authentication "vulnerabilities"
The reality that most organizations have 100's of thousands of unpatched vulnerabilities. Some statistics and will this change.
Ways to prioritize what vulnerabilities you address.
The SSVC decision tree approach that was introduced at S4 as Never, Next, Now
Tooling … vulnerability management, software configuration, ticketing, remediation.
And much more.

Links:

Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/
Dale's ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

...more

By Dale Peterson: ICS Security Catalyst and S4 Conference Chair

4.9

1414 ratings

May 15, 2024

43 minutes

Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including:

The definition and scope of vulnerabilities. It's much more than coding errors that need patches.
Are ICS protocols lacking authentication "vulnerabilities"
The reality that most organizations have 100's of thousands of unpatched vulnerabilities. Some statistics and will this change.
Ways to prioritize what vulnerabilities you address.
The SSVC decision tree approach that was introduced at S4 as Never, Next, Now
Tooling … vulnerability management, software configuration, ticketing, remediation.
And much more.

Links:

Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/
Dale's ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf

...more