
Don’t judge a vulnerability by its CVSS score (hackerhotel2025)
Chaos Computer Club - archive feed · Stefan Lambregts
February 15, 2025 · 27m 32s
Show Notes
The total number of vulnerabilities continues to rise. If we had to rely on CVSS alone to prioritize those vulnerabilities, we would have an enormously hard time remediating all of them. In this talk, we’ll explore the critical gaps in CVSS-based prioritization and discuss why factors like exploitability, asset criticality, and real-time threat intelligence are way more important. Expect real-world examples, a touch of humor, and actionable insights to help you move beyond the CVSS score and toward a smarter, risk-based approach to vulnerability management.
Because let’s face it: a CVSS 7 can be way more critical to your organization than a CVSS 9!
Licensed to the public under http://creativecommons.org/licenses/by/4.0
about this event: https://pretalx.hackerhotel.nl/2025/talk/DHNUWQ/
Topics
204 · 2025 · hackerhotel2025 · Talks · Leonardo Da Vinci · hackerhotel2025-eng · Day 2