The Etiology of Vulnerability Exploitation

Posted in Presentations

Etiology is the study of causation, and the presenters wanted to understand why some vulnerabilities are exploited but many aren’t. Curiosity led them on a journey through tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, scraped mailing lists and collected data feeds, and they ultimately ended up with a few dozen data points that helped them understand the probability of a vulnerability being exploited.

Learning Objectives:
1: Recognize that vulnerability management is improved by looking at the big picture and not just technical aspects.
2: Understand that existing vulnerability scoring systems cannot be taken at face value but must be validated.
3: Understand that however you prioritize remediation efforts, it’s testable.

This session will run through all sorts of vulnerability terms and frameworks (CVE, NVD, CPE, CVSS, CWE), talking about what separates vulnerabilities in the space. Attendees should have at least cursory knowledge of different types of flaws and vulnerabilities (things covered by CWEs). Working in or at least around security vulnerabilities and/or patch management will be quite helpful for getting the most out of this talk.

Jay Jacobs
Co-founder and Chief Data Scientist, Cyentia Institute

Michael Roytman
Chief Data Scientist, Kenna Security
