Security teams can become overwhelmed with vulnerability reports. A myriad of tools exist that provide all kinds of reporting on suspected vulnerabilities in software. False positives (and negatives) are usually present in the data. For the security team, this can create a situation where more time is spent managing the data and reports than fixing things or helping other teams focus their patching efforts.
In order to triage and focus effort on the greatest risk to the business, a different approach may be
needed than the traditional compliance-based ones or systems based on CVSS scores.
In this webinar we’ll start out by defining what exactly the term vulnerability means, how to measure that, and then explore a more risk-based approach.