1: Recognize that vulnerability management is improved by looking at the big picture and not just technical aspects.
2: Understand that existing vulnerability scoring systems cannot be taken at face value but must be validated.
3: Understand that however you prioritize remediation efforts, that prioritization is testable.
This session will run through all sorts of vulnerability terms and frameworks (CVE, NVD, CPE, CVSS, CWE), talking about what separates vulnerabilities in the space. Attendees should have at least cursory knowledge of different types of flaws and vulnerabilities (things covered by CWEs). Working in or at least around security vulnerabilities and/or patch management will be quite helpful for getting the most out of this talk.