Using Decision Trees for Vulnerability Prioritization With SSVC
In an industry where it feels like you can never get ahead of your high-priority vulnerabilities, decision trees are one of the best resources for addressing critical threats first, allocating resources more efficiently, and ultimately reducing risk to your org – if you know how to use them effectively.
In this webinar, Patrick Garrity, Security Researcher at Nucleus Security, will be joined by Stephen Shaffer, Staff Security Automation Engineer at Peloton Interactive, Jonathan Spring, Cybersecurity Specialist at CISA, and Chris Madden, Sr Principal Technical Security Engineer at Yahoo, to talk about the benefits of using SSVC Decision Trees to automate your vulnerability triage process, and also share real-world examples of how to build out a decision criteria that will address critical vulnerabilities first.
Throughout the webinar, our panelists will cover:
An overview of Stakeholder-Specific Vulnerability Categorization (SSVC)
The key problems that SSVC addresses
When to leverage SSVC over CVSS
Tips for building decision criteria for better decision making
How to automate prioritization at scale through SSVC decision trees
By the end of the conversation, attendees will have a clear understanding of how to use SSVC decision trees to tailor the decision-making process to the unique needs and concerns of their stakeholders, ensuring a more focused and effective approach to vulnerability prioritization.
SSVC: https://github.com/CERTCC/SSVC Prioritized Risk Remediation: https://github.com/theparanoids/Prior... Flipping the Vulnerability management Model CVSS to SSVC: / urn:li:activity:7077608680635965440
