Tales from the PSIRT: 10 Years of Bugs, Vulnerabilities and CVEs

Posted on in Presentations

The Product Security Incident Response Team (PSIRT) is a critical part of keeping your IT infrastructure secure, by finding, fixing and reporting product vulnerabilities. But how do they function, and what do they see? We’ll go beyond the lawyer-approved response policies and SLAs and see how a mid-sized IT product company goes from vulnerability discovery to CVE number.

Learning Objectives:
1: Gain insight into the different maturity levels of vendor PSIRTs.
2: Understand how product vulnerability management affects supply chain security.
3: Improve your risk management by engaging more effectively with vendor PSIRTs.

Past experience reviewing product vulnerability advisories will help with context. A programming background in C, PHP and/or Python will help the examples make more sense.

Jon Green


VP and Chief Security Technologist, Aruba Networks / HPE

DevSecOps & Application Security

supply chain, risk & vulnerability assessment, patch vulnerability & configuration management, application security


