Sign up to save your podcasts
Or
Share The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms around vulns and figure out what's useful (if anything) in CVSS, SSVC, EPSS, and more.
Segment resources:
- https://www.redhat.com/en/blog/patch-management-needs-a-revolution-part-1
- https://next.redhat.com/blog/
- https://www.first.org/cvss/v4-0/
- https://www.first.org/epss/
- https://deadliestwebattacks.com/appsec/2010/02/19/primordial-cross-site-scripting-xss-exploits -- For a bit of history, one of the earliest "bugs bounty" from 1995.
A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-275
View all episodes
By Security Weekly Productions
4.9
1212 ratings
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms around vulns and figure out what's useful (if anything) in CVSS, SSVC, EPSS, and more.
Segment resources:
- https://www.redhat.com/en/blog/patch-management-needs-a-revolution-part-1
- https://next.redhat.com/blog/
- https://www.first.org/cvss/v4-0/
- https://www.first.org/epss/
- https://deadliestwebattacks.com/appsec/2010/02/19/primordial-cross-site-scripting-xss-exploits -- For a bit of history, one of the earliest "bugs bounty" from 1995.
A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-275
More shows like Application Security Weekly (Audio)
View all
Security Now (Audio)
2,009 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,023 Listeners
The Application Security Podcast
36 Listeners
Business Security Weekly (Audio)
3 Listeners
Click Here
418 Listeners
Darknet Diaries
8,048 Listeners
Cybersecurity Today
181 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
138 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners