1. Moscone West 2007

This talk will present lessons learned on using machine learning to effectively prioritize security findings in an accurate, verifiable, and repeatable way, with enterprise environment context built in. We will demonstrate how the method can be integrated into SDLC finding management to optimize the overall SDLC outcome from a residual-risk point of view. Current gaps in the standard body will be discussed.

Learning Objectives:
1: Understand the danger of using severity ratings from different security scanner sources as is.
2: Learn an intelligent method to effectively prioritize findings automatically.
3: Understand the gaps in the current CVSS and CWSS standard body and identify improvement opportunities.

Pre-Requisites:
Attendees should have basic knowledge of the NIST Risk Management Framework, Common Vulnerability Scoring System (CVSS), Common Weakness Scoring System (CWSS), machine learning, and SSDLC.

Participants: