Tips and tricks for effective vulnerability management

Presented at LocoMocoSec 2019, April 18, 2019, 1:30 p.m. (30 minutes).

If you run a vulnerability response or bug bounty program (or both), there's a good chance you're experiencing substantial growth year over year. In this talk, Pieter Ockers of Adobe's PSIRT will tell the story of how incremental steps to mature a vulnerability management framework can help decrease the average number of unresolved vulnerabilities, as well as reducing the average age of unresolved cases. Pieter will share tips on: * Developing productive relationships with resource-constrained engineering teams * Leveraging vulnerability submission platforms to scale your team * Developing vulnerability taxonomies to consistently score risk * Implementing an escalation protocol to improve response outcomes * Selecting the right data for the executive audience * Applications of the 80/20 rule for vulnerability response

Presenters:

• Pieter Ockers - Adobe
  Pieter Ockers is a Senior Security Program Manager and runs Adobe’s Product Security Incident Response Team (PSIRT). Based in San Francisco, Pieter is passionate about engaging with the security research community to build a stronger, more secure and resilient ecosystem.

Links:

• https://locomocosec2019.sched.com/event/MGM9/tips-and-tricks-for-effective-vulnerability-management
• https://infocon.org/cons/LocoMocoSec/LocoMocoSec 2019 Kauai/Tips and tricks for effective vulnerability management - Pieter Okcers.mp4
• https://infocon.org/cons/LocoMocoSec/LocoMocoSec 2019 Kauai/Tips and tricks for effective vulnerability management - Pieter Okcers.eng.srt (subtitles)
• https://www.youtube.com/watch?v=_pdc2KwHvDk

Similar Presentations:

• BSides Austin 2016 / Enterprise Vulnerability Management - Back to Basics
• RVAsec 2021 / 5.4 Million Vulnerabilities and Counting...
• BSidesLV 2023 / Towards Effective & Scalable Vulnerability Management