Chris - To set the stage for the discussion of vulnerability management, Rezilion recently had a report that found that organizations had over 100,000 backlogged vulnerabilities. Why do you think things have gotten so bad?

Chris - Leaders also stated that they are able to patch less than half of that backlog, thousands of vulnerabilities never get addressed. Doesn't this create a situation ripe for malicious actors to exploit?

Nikki - You have a background in both data science and security research - where do you feel like the intersection of both of these areas meets? Do you feel like we need more data science experience in cybersecurity? 

 Nikki - Vulnerability management - my favorite topic. Why do you think people are just now starting to bring back up vuln mgmt? It seems like it's been almost 10 years since I've seen substantial research and guidance in this area. 

Nikki - Security research is seen in two distinct ways - in both the vulnerability identification and in academia - but both are looking at different problems and solving in different ways. Where can the two sides of the coin come together and benefit from sharing research? 

Chris - On the topic of vulnerability prioritization, organizations seem to be struggling. We know going simply based off of CVSS isn't wise, what are some prioritization tactics organizations can take to address vulnerabilities that pose the most risk in that massive backlog we discussed earlier?

Chris - We know that less than 1-2% of CVE's are generally exploited by malicious actors, and while that number may sound small, as the number of published vulnerabilities grow, that 1-2% represents more and more exploitable vulnerabilities. What do you think is driving the growth of CVE's, from a few thousand in the 1990s to over 190,000 now?

Nikki - What are the top 3 trends you're seeing in vulnerability management and identifying vulnerabilities? What should we be most concerned with? 

Nikki -  What does cyber resilience mean to you?