The Etiology of Vulnerability Exploitation


Posted on in Presentations

Etiology is the study of causation, and the presenters wanted to understand why some vulnerabilities are exploited but many aren’t. Curiosity led them on a journey through tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, scraping mailing lists, collecting data feeds and ultimately ended up with a few dozen data points that helped them understand the probability of a vulnerability being exploited.

Learning Objectives:
1: Recognize that vulnerability mgmt is improved by looking at the big picture and not just technical aspects.
2: Understand that existing vuln scoring systems cannot be taken at face value but must be validated.
3: Understand that however you prioritize remediation efforts, it’s testable.

Pre-Requisites:
This session will run through all sorts of vulnerability terms and frameworks (CVE, NVD, CPE, CVSS, CWE), talking about what separates vulnerabilities in the space. Attendees should have at least cursory knowledge of different types of flaws and vulnerabilities (things covered by CWEs). Working in or at least around security vulnerabilities and/or patch management will be quite helpful for getting the most out of this talk.

Participants
Jay Jacobs

Participant

Co-founder and Chief Data Scientist, Cyentia Institute

Michael Roytman

Participant

Chief Data Scientist, Kenna Security


Share With Your Community