Next-Gen AppSec Series: Vulnerability Management: What are companies getting right, and wrong?

With Patrick Garrity, Security Researcher / Evangelist, VulnCheck and Kiran Kamity, Deepfactor

 

Episode #6 of Deepfactor’s ‘Next-Gen AppSec’ series: Vulnerability Management: What are companies getting right, and wrong?

The volume of CVEs continues to rise steadily each year. By now, most organizations have established some level of AppSec program, but many of these programs are not succeeding because of the sheer number of vulnerability alerts they generate. Security teams are now putting prioritization methods in place, from filtering by CVSS severity scores and EPSS exploit availability scores down to more granular filters that determine which vulnerabilities are also reachable and used at runtime. But even with these highly filtered results, who is going to fix what? What do the workflows look like, and how should they be optimized?

For this discussion, Patrick Garrity, Vulnerability/Cybersecurity Researcher for VulnCheck, joins Deepfactor Founder/CEO Kiran Kamity to discuss trends, best practices, and what’s being done right and wrong in vulnerability management, drawing on real-world examples. They also discuss what the future looks like as vulnerability and exploit volumes grow.