032. An Intro: Vulnerability Management
Sep 12, 2019•36 min
Episode description
What does vulnerability management mean to you? How do you deal with these issues and track this information? Our Technical Director, Holly Grace Williams, discusses the process of pulling together vulnerability information and how certain industry scoring systems for vulnerabilities can be misleading.
Key points:
0’43 Keeping track of vulnerability information
3’30 Vulnerability aggregation
6’10 Scoring vulnerabilities with CVSS
12’45 ‘High risk’ can mean different things
19’25 Grouping assets into services
27’52 Reporting vulnerabilities to the board
29’24 Tracking vulnerability recurrence
We’d love to hear how you’re tracking vulnerability information. Let us know on social via Twitter or LinkedIn!
Useful links:
Common Vulnerability Scoring System version 3.1 - https://www.first.org/cvss/calculator/3.1
OWASP Top 10 - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Download on iTunes: apple.co/2Ji61Ek
Listening time: 36 minutes
Hosted by: Holly Grace Williams, Technical Director at Secarma