
Should we even care about vulnerability severity scores?
Show Notes
Everyone fears the dreaded 10-out-of-10 CVSS severity score on a vulnerability with "critical" written somewhere on the advisory. But does that number even matter to an attacker or hypothetical defender? Matt, Mitch and Lurene discuss the various ways the security community classifies vulnerabilities and how potential targets can use that information to their advantage. They discuss patching strategies, potential security holes that attackers look for and real-world cases of vulnerabilities that have led to breaches or cyber attacks.
Other suggested talking points:
- Band jam sessions
- Conference season getting underway
- Whether Tom Petty's music is actually complex