Tuesday, June 20, 2023 | |
---|---|---
More than just patching: The overlooked aspects of vulnerability management | When someone mentions vulnerability management, what immediately comes to mind? Probably patching, for one. But don't fall into a trap: there's more to vulnerabilities than just patching, so it's important to take a holistic focus toward VM. This session will review some of the key elements of vulnerability management that patching doesn't cover, including asset management, application security, and contending with open-source code and end-of-life software. | Bertrum Carroll - Employers
Strengthening the security of your software supply chain with dynamic scanning | With the rapid pace of development, web applications are increasing in sophistication every day, with more and more organizations relying on tiers of suppliers to deliver their products or services. Each of these external parties can expose organizations to new risks based on their ability to properly manage their own vulnerabilities. Whilst many organizations are implementing important security measures, such as SBOMs, these alone may not be enough to efficiently manage and mitigate supply chain security risks. Join Invicti's Mark Townsend, VP of Professional Services, as he shares real-life customer success stories and provides best practices that will help reduce the risk of supply chain security issues. In this presentation, you will learn: | Mark Townsend - Invicti Security
Risk-based scoring: The new standard in vulnerability management | Are you struggling to manage the ever-increasing number of critical vulnerabilities? Traditional approaches to vulnerability management, which rely solely on the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS), are no longer sufficient to manage the complex risks in today's cloud environments. | Kate MacLean - Lacework; Nolan Karspinski - Lacework
Software supply chain security risks and the need for modern AppSec | Snyk highlights the need for organizations to modernize AppSec practices to deal with software supply chain security risks and shares: | Mic McCully - SNYK
Exterminate on sight: A snapshot of today's most dangerous bugs | Cybercriminals are always adding to their arsenal of digital weaponry as they opportunistically look for the best vulnerabilities to abuse. Sometimes they opt for the latest exploit; other times they revert to an oldie-but-goodie. This threat intelligence-based session will take a current, timely look at today's most commonly exploited vulnerabilities, so you can prioritize efforts to eliminate them from your organization. | Dustin Childs - Zero Day Initiative

Wednesday, June 21, 2023 | |
---|---|---
Revising VM approaches to account for open-source software | The rapidly expanding use of open-source software is causing cybersecurity thought leaders to ponder how to more effectively reduce vulnerabilities across the entire software ecosystem. For instance, a recent report by the Institute for Security & Technology (IST) advocates for a shared responsibility model around open-source software security, as well as further support for software development frameworks, policies and licenses, and a more progressive approach to vulnerability management and mitigation. Other recommendations include VM measures that comply with existing risk assessment structures, more efficient patching, and better cooperation between public and private stakeholders. This session will take us through the key takeaways from IST's report, from the perspective of one of its authors. | Marc Rogers - Institute for Security and Technology (IST)
Dragos vulnerability briefing: ICS/OT cybersecurity year in review | In 2022, published vulnerabilities impacting ICS/OT increased by 27 percent compared to the year before. Dragos analyzed 2170 of these common vulnerabilities and exposures (CVEs) last year, providing actionable prioritization and mitigation guidance to defenders of industrial control systems. | Logan Carpenter - Dragos; Nick Cano - Dragos
Lingering unpatched vulnerabilities: Time to end the excuses | It can be a real head-scratcher as to why certain organizations continue to allow publicly known vulnerabilities to go unpatched, despite the risk of exploitation. This panel will seek to address the root causes of this negligence. Is it a security culture problem? An awareness problem? A resources problem? A visibility and tools problem? At a certain point, these reasons are no longer reasonable and simply become empty excuses, which is why it's time to address these barriers to timely patching in a meaningful way. | Keith Busby - Centers for Medicare & Medicaid Services; Thien La - GHX; Matthew Ramsey - BlueHalo
Best practices for managing vulnerability risk across the software supply chain | Attend this session and take a close look at the impact of vulnerabilities across the software supply chain. We will go beyond mere vulnerability identification and explore how aggregating and prioritizing vulnerability and asset risk data across attack surfaces can fundamentally transform supply chain risk management. | Yair Divinsky - Vulcan Cyber; Dror Malovany - Vulcan Cyber
Mitigation vs. micropatching vs. full remediation: A comparison | Sometimes a patch isn't the only answer. When contending with software bugs, organizations may instead opt for an alternative approach, such as a mitigation or workaround, or micropatching. The approach you go with may depend on where you land on the security vs. disruption debate. This session will look at the various approaches to fixing bugs, including their pros and cons, and when certain strategies are inadvisable. | Kevin Johnson - Secure Ideas

** Check back for updates to this tentative agenda