The CVSS Deception: How We've Been Misled on Vulnerability Severity

Black Hat via YouTube

Overview

Explore a critical 32-minute Black Hat conference talk that examines the limitations of CVSS (Common Vulnerability Scoring System) for vulnerability prioritization. With over 170,000 CVEs published since 2014 and approximately 80 new disclosures daily in 2023, organizations face overwhelming challenges in vulnerability management. Learn about six empirically validated operational challenges with CVSS: underrated severity due to CIA aggregation affecting ~10% of CVEs, the unmanageable burden of tracking exploit maturity metrics, missed opportunities in APT and exploitability consideration, inadequate privacy impact assessment, dependency consideration issues affecting 11% of CVEs, and scoring discrepancies due to formula errors in over 100 CVEs. Gain executable guidance for addressing four of these challenges and conceptual frameworks for the remaining two. Presented by a team of cybersecurity experts from JPMorgan Chase, this talk provides essential insights for security professionals seeking to improve vulnerability management beyond simplistic CVSS ratings.

Syllabus

The CVSS Deception: How We've Been Misled on Vulnerability Severity

Taught by

Black Hat
