#107 - Consolidating Vulnerability Management (with Jeff Gouge)

CISO Tradecraft® - A podcast by CISO Tradecraft® - Mondays

Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management. We also thank our sponsor Nucleus Security for supporting this episode.

Consistently tracking and prioritizing vulnerabilities is a difficult problem. This episode talks about it in detail and helps you increase your understanding of:

- Various application security scanning tools (SAST, DAST, SCA, Container, IoT, Secret Scanners, Cloud Security Scans, ...) and why companies need so many
- How CVSS base scores are actually calculated so you can understand its strengths and weaknesses
- How Threat Intelligence Data improves CVSS scoring
- Knowing which vulnerabilities are being actively exploited by bad actors through the CISA Known Exploited Vulnerabilities Catalog
- Knowing which vulnerabilities are being exploited in your industry or organization
- Knowing how the Exploit Prediction Scoring System (EPSS) can predict which vulnerabilities will be exploited soon
- Learning about the Stakeholder-Specific Vulnerability Categorization Guide (SSVC)

Note: a full transcript of this podcast can be found here: https://docs.google.com/document/d/1dWDS8rd-iscZuZ28U27IBuPPfrlFAV69/