Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ

Connect to John Gilroy on LinkedIn   

\https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes?

www.Federaltechpodcast.com

Donald Rumsfeld is famous for talking about the “unknown unknowns.” Well, today we will be a little more specific and focus on some “knowns.”

Most listeners know that cyber threat companies regularly list vulnerabilities. Jay Wallace estimates VulnCheck alone has a list of 300,000 known threats.

The Cybersecurity & Infrastructure Security Agency (CISA) decided to help federal agencies narrow down this list. They put together a list of vulnerabilities that were specific to federal networks. For example, if no federal agency ever uses “XYZ” software, why should a federal information professional care about it? It is not and will never be on their systems.

The key to understanding the KVE is that CISA will not just put a vulnerability on a list and say, “Good luck.”  They will post a patch to remediate the problem.

VulnCheck helps federal agencies with prioritization, proof of concept, and a community. 

Prioritization

For example, VulnCheck can assist in setting up priorities or these varying threats.

Proof of Concept

For example, during the interview, Jay Wallace mentions something called a Proof of Concept (PoC). VulnCheck can look like software combinations and determine if they can be a threat.

Community

Also, VulnCheck has an active community where these threats are discussed. Just this year, the VulnCheck community has been active in many areas, including making information about vulnerabilities consumed in a more palatable manner.

Malicious actors know about vulnerabilities, and a responsible federal manager should become familiar with how to manage this vulnerability list.