Tuesday, June 20, 2023
More than just patching: The overlooked aspects of vulnerability management

When someone mentions vulnerability management, what immediately comes to mind? Probably patching, for one. But don't fall into a trap: there's more to vulnerabilities than just patching, so it's important to take a holistic view of VM. This session will review some of the key elements of vulnerability management that patching doesn't cover, including asset management, application security, and contending with open-source code and end-of-life software.

Bertrum Carroll
Strengthening the security of your software supply chain with dynamic scanning

With the rapid pace of development, web applications are increasing in sophistication every day, and more and more organizations rely on tiers of suppliers to deliver their products or services. Each of these external parties can expose an organization to new risk, depending on how well they manage their own vulnerabilities. Whilst many organizations are implementing important security measures, such as SBOMs, these alone may not be enough to efficiently manage and mitigate supply chain security risks.

Join Invicti's Mark Townsend, VP of Professional Services, as he shares real-life customer success stories and provides best practices that will help reduce the risk of supply chain security issues.

In this presentation, you will learn:
•    The drivers behind software supply chain security issues
•    How to discover, manage, and mitigate web vulnerabilities in your own and third-party applications
•    How to build a secure software supply chain by incorporating DAST as part of your application security and vulnerability management process
 

Mark Townsend
Risk-based scoring: The new standard in vulnerability management

Are you struggling to manage the ever-increasing number of critical vulnerabilities? Traditional approaches to vulnerability management, which rely solely on the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS), are no longer sufficient to manage the complex risks in today's cloud environments.
Learn how the latest risk-based vulnerability scoring can help you prioritize vulnerabilities based on their runtime impact, likelihood of exploitation, and asset criticality, all tailored to your unique cloud environment.
Discover how our latest capabilities and enhancements enable you to:
•    Reduce vulnerability noise by 90%
•    Identify active vulnerable software packages
•    Gain visibility into the top risks and attack paths leading to critical assets
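To make the three prioritization factors concrete (runtime impact, likelihood of exploitation, asset criticality), here is an added example of a context-aware scoring function written for this page. It is illustrative, not the presenter's or any vendor's formula: the weights, the sample findings and their identifiers are all constructed, and the inputs it assumes (an EPSS probability, a known-exploited flag, whether the vulnerable package is actually loaded, internet exposure, and an asset-criticality tier from an inventory) are the kind of context a cloud workload scanner and CMDB would supply. The contrast with a plain CVSS-only ordering is the point: two 9.8s rank equally by CVSS, but only one of them is loaded, exposed and on a critical asset.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    """One vulnerability instance on one asset (fields are assumptions for this example)."""
    id: str                   # constructed label, not a real CVE identifier
    cvss_base: float          # 0..10 NVD base score
    epss: float               # 0..1 probability of exploitation (EPSS-style)
    in_kev: bool              # listed in a known-exploited catalogue
    package_loaded: bool      # vulnerable package observed loaded at runtime
    internet_exposed: bool    # asset reachable from the internet
    asset_criticality: int    # 1 (low) .. 5 (crown jewel), from the asset inventory


def risk_score(f: Finding) -> float:
    """Combine severity, exploit likelihood and runtime/asset context into 0..100.

    Weights are illustrative assumptions chosen for this example.
    """
    # Likelihood: treat a known-exploited vulnerability as certain to be attempted;
    # otherwise use the EPSS probability. Keep a floor so "no data" is never "no risk".
    likelihood = 1.0 if f.in_kev else f.epss
    likelihood_factor = 0.3 + 0.7 * likelihood
    # Runtime impact: an installed-but-never-loaded package is not reachable,
    # but "not loaded" is a point-in-time observation, so discount rather than zero it.
    runtime = 1.0 if f.package_loaded else 0.1
    exposure = 1.0 if f.internet_exposed else 0.5
    # Asset criticality scaled to 0.2..1.0
    criticality = f.asset_criticality / 5.0
    return round(f.cvss_base * 10 * likelihood_factor * runtime * exposure * criticality, 1)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Highest contextual risk first."""
    return sorted(findings, key=risk_score, reverse=True)


def cvss_only(findings: List[Finding]) -> List[Finding]:
    """The traditional ordering, for comparison (stable sort keeps input order on ties)."""
    return sorted(findings, key=lambda f: f.cvss_base, reverse=True)


def noise_reduction(findings: List[Finding], threshold: float) -> float:
    """Fraction of findings that fall below the triage threshold and can be deferred."""
    suppressed = sum(1 for f in findings if risk_score(f) < threshold)
    return suppressed / len(findings)


# Constructed sample findings (placeholder ids, not real CVEs).
SAMPLE = [
    Finding("F1", 9.8, 0.97, True,  True,  True,  5),  # known-exploited, loaded, exposed, crown jewel
    Finding("F2", 9.8, 0.02, False, False, False, 2),  # same CVSS, but dormant package on a low-value host
    Finding("F3", 7.5, 0.85, False, True,  True,  4),  # high EPSS on an exposed, important asset
    Finding("F4", 5.3, 0.40, True,  True,  False, 5),  # "medium" CVSS but known-exploited on a crown jewel
    Finding("F5", 8.8, 0.05, False, True,  False, 1),  # high CVSS, low likelihood, throwaway asset
]

if __name__ == "__main__":
    print("CVSS-only order :", [f.id for f in cvss_only(SAMPLE)])
    print("Risk-based order:", [(f.id, risk_score(f)) for f in prioritize(SAMPLE)])
    print("Deferred below 10:", noise_reduction(SAMPLE, threshold=10.0))
```

Run stand-alone, the CVSS-only list puts the dormant F2 in second place and the known-exploited F4 last; the contextual ordering inverts that, and two of the five findings drop below a triage threshold of 10. The threshold and weights are tuning knobs; the structural lesson is that likelihood and context multiply severity rather than replace it.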

Kate MacLean, Nolan Karspinski
Software Supply Chain Security Risks and the Need for Modern AppSec

Snyk highlights the need for organizations to modernize AppSec practices to deal with software supply chain security risks and shares:
•    What the software supply chain is and the risks associated with it
•    How to identify risks and build mitigation strategies throughout the software development process
•    How AppSec programs must evolve to accommodate software supply chain risks
 

Mic McCully
Exterminate on sight: A snapshot of today's most dangerous bugs

Cybercriminals are always adding to their arsenal of digital weaponry as they opportunistically look for the best vulnerabilities to abuse. Sometimes they opt for the latest exploit; other times they go back to an oldie-but-goodie. This threat intelligence-based session will take a current, timely look at today's most commonly exploited vulnerabilities, so you can prioritize efforts to eliminate them from your organization.

Dustin Childs
Wednesday, June 21, 2023
Revising VM approaches to account for open-source software

The rapidly expanding use of open-source software is causing cybersecurity thought leaders to ponder how to more effectively reduce vulnerabilities across the entire software ecosystem. For instance, a recent report by the Institute for Security & Technology (IST) advocates for a shared responsibility model around open-source software security, as well as further support for software development frameworks, policies and licenses, and a more progressive approach to vulnerability management and mitigation. Other recommendations include VM measures that comply with existing risk assessment structures, more efficient patching, and better cooperation between public and private stakeholders. This session will take us through the key takeaways from IST's report, from the perspective of one of its authors.

Marc Rogers
Dragos Vulnerability briefing - ICS/OT cybersecurity year in review

In 2022, published vulnerabilities impacting ICS/OT increased by 27 percent compared to the year before. Dragos analyzed 2,170 of these CVEs last year, providing actionable prioritization and mitigation guidance to defenders of industrial control systems.
 
Join us as Dragos vulnerability analysts Nick Cano and Logan Carpenter share insights on ICS/OT advisories they have helped assess and correct in 2022, as well as:
•    Key ICS/OT vulnerability trends
•    Insights from vulnerabilities that made headlines
•    Why patching isn’t always needed

Logan Carpenter, Nick Cano
Lingering unpatched vulnerabilities: Time to end the excuses

It can be a real head-scratcher why certain organizations continue to allow publicly known vulnerabilities to go unpatched, despite the risk of exploitation. This panel will seek to address the root causes of this negligence. Is it a security culture problem? An awareness problem? A resources problem? A visibility and tools problem? At a certain point these reasons are no longer reasonable and simply become empty excuses, which is why it's time to address these barriers to timely patching in a meaningful way.

Keith Busby, Thien La, Matthew Ramsey
Best practices for managing vulnerability risk across the software supply chain

Attend this session and take a close look at the impact of vulnerabilities across the software supply chain. We will go beyond mere vulnerability identification and explore how aggregating and prioritizing vulnerability and asset risk data across attack surfaces can fundamentally transform supply chain risk management.
 
During this webinar, we will cover the following key topics:
1.    Introduction to the Software Supply Chain: An overview of the software supply chain, its components, and stakeholders such as software developers, DevOps, IT and security teams.
2.    The Domino Effect: A vulnerability in one part of the software supply chain can have far-reaching consequences. We'll examine the cascading impact a single component or supplier can have on an entire chain's security and risk posture.
3.    Beyond Isolated Vulnerabilities: Learn how organizations can get a better handle on risk by drawing connections between vulnerabilities across the chain. We'll discuss the benefits of managing vulnerabilities collectively rather than in isolation.
4.    Implications for Organizational Risk: See how software supply chain vulnerabilities impact an organization's risk profile. A proactive approach to vulnerability risk management can improve risk mitigation and safeguard reputation and customer trust.
 
Join us for this session as we unravel the complexities of software supply chain vulnerability management and provide actionable steps to reduce risk.

Yair Divinsky, Dror Malovany
Mitigation vs. Micropatching vs. Full Remediation: A comparison

Sometimes a patch isn't the only answer. When contending with software bugs, organizations may instead opt for an alternative approach, such as a mitigation or workaround, or micropatching. The approach you go with may depend on where you land on the security vs. disruption debate. This session will look at the various approaches to fixing bugs, including their pros and cons, and when certain strategies are inadvisable.

Kevin Johnson

** Check back for updates to this tentative agenda