June 9, 2023: A Week in Vulnerability Management with Patrick Garrity

Published: 21 March 2025
on channel: Nucleus Security

This was an exciting week in vulnerability management. Here's an overview of what you missed, hosted by Patrick Garrity, Cybersecurity Researcher and Leader at Nucleus Security.

▬▬▬▬ A Week in Vulnerability Management ▬▬▬▬▬
0:00 - Intro
0:21 - Monday: CISA KEV / MSRC
2:13 - Tuesday: Verizon 2023 DBIR
3:07 - Wednesday: Interactive CISA KEV
3:51 - Thursday: CVSS V4.0
4:41 - Thursday: EPSS V3 vs CVSS V3.1
5:52 - Wrap Up

Monday: I explored the correlation between the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog (KEV) and Microsoft's Security Response Center (MSRC). The striking correlation suggests that CISA relies on MSRC as a source for identifying exploited Microsoft vulnerabilities. Let's encourage better coordinated exploitation disclosure!

Tuesday: Verizon's 2023 Data Breach Investigation Report (DBIR) is out! The report now includes mapping Center for Internet Security (CIS) controls to incident classifications, empowering organizations to prioritize security efforts and assess their posture based on historical incidents and breaches. I published a Nucleus Security cheat sheet that outlines these controls.

Wednesday: I introduced an interactive version of the CISA KEV catalog, allowing for more detailed exploration of vendors, products, and vulnerabilities. Data visualizations like these have the potential to revolutionize vulnerability management. Let's embrace enhanced insights and accessibility!

Thursday: FIRST announced the public preview of CVSS V4.0, bringing exciting changes to vulnerability analysis. I created a visualization comparing the metrics of CVSS V3.1 and V4.0 to help understand the differences. Your feedback on areas for further improvement is crucial!

Late Thursday: In my latest post, I compared EPSS V3 against CVSS V3.1 using the CISA KEV catalog. EPSS outperformed CVSS, requiring less effort to achieve the same coverage of vulnerabilities. Remember to supplement #EPSS or #cvss with intelligence feeds including KEV, Mandiant (now part of Google Cloud) and GreyNoise Intelligence for optimal prioritization.

Join the conversation and share your thoughts on these important topics in vulnerability management. Let's work together to strengthen our cybersecurity defenses!
#cybersecurity #infosecurity #riskmanagement #vulnerabilitymanagement #securityoperations #security #cisa #InfoSec #CVSS #CISA #ThreatIntel #SoftwareSupplyChain