Build Intelligent Vulnerability Scoring to Optimize Security Residual Risks

Venue: Moscone West

This talk will present lessons learned from using machine learning to prioritize security findings in an accurate, verifiable, and repeatable way, with enterprise environment context built in. We will demonstrate how the method can be integrated into SDLC finding management to improve the overall SDLC outcome from a residual-risk point of view. Current gaps in the relevant scoring standards (CVSS and CWSS) will be discussed.

Learning Objectives:
1: Understand the danger of using severity ratings from different security scanner sources as-is, without normalization.
2: Learn an intelligent method to prioritize findings automatically and effectively.
3: Understand the gaps in the current CVSS and CWSS standards and identify improvement opportunities.

Pre-Requisites:
Attendees should have basic knowledge of the NIST Risk Management Framework, the Common Vulnerability Scoring System (CVSS), the Common Weakness Scoring System (CWSS), machine learning, and the secure SDLC (SSDLC).
