Vulnerability Management Systems Flawed - Leaving your Enterprise at High Risk

Presented at BSidesDC 2016, Oct. 22, 2016, 11:30 a.m. (50 minutes)

Vulnerability management (VM) products sit at the center of every information security program, yet the most widely used automated VM solutions on the market contain a serious "hidden" flaw. The flaw lives in pattern-matching-style algorithms deep in the products' core. Because of it, the metric on which a product computes its reported level of network security risk is skewed, leaving an unintentional gap between the information risk measurement the product is meant to provide and the erroneous measurement it actually reports.

This session covers the technical details of this hidden flaw, its consequences, and what you can do to limit your exposure.
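The kind of skew the abstract alludes to, as an added illustration that is not the speaker's or Digital Defense's code and does not reproduce their matching technique. It assumes the flaw is the problem the bio describes, correlating hosts between two independent scans taken at different times, and uses a constructed two-scan dataset in which DHCP leases moved between scans. Keying hosts on IP address alone counts the same findings as both "remediated" and "new", so the trend numbers a dashboard would report are wrong; keying on a more stable attribute (MAC here, chosen only for illustration) recovers the true picture.

```python
"""Host correlation across two scans and its effect on the remediation metric.

Added example with constructed data; not the talk's or any vendor's code.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Host:
    ip: str
    mac: str          # assumed stable identifier for the illustration
    hostname: str
    vulns: FrozenSet[str]  # finding IDs; constructed, not real CVEs


# Scan 1 (constructed): two DHCP clients, each with open findings.
SCAN_1: List[Host] = [
    Host("10.0.0.5", "aa:bb:cc:00:00:01", "db01", frozenset({"vuln-1", "vuln-2"})),
    Host("10.0.0.6", "aa:bb:cc:00:00:02", "web01", frozenset({"vuln-3"})),
]

# Scan 2 (constructed): the two leases swapped addresses, web01 fixed vuln-3,
# db01 fixed nothing, and a new laptop joined with one finding.
SCAN_2: List[Host] = [
    Host("10.0.0.6", "aa:bb:cc:00:00:01", "db01", frozenset({"vuln-1", "vuln-2"})),
    Host("10.0.0.5", "aa:bb:cc:00:00:02", "web01", frozenset()),
    Host("10.0.0.7", "aa:bb:cc:00:00:03", "lt01", frozenset({"vuln-4"})),
]

Pair = Tuple[Optional[Host], Optional[Host]]


def correlate(prev: List[Host], cur: List[Host],
              key: Callable[[Host], str]) -> List[Pair]:
    """Pair hosts from two scans that share the same key; unmatched hosts pair with None."""
    prev_idx = {key(h): h for h in prev}
    cur_idx = {key(h): h for h in cur}
    pairs: List[Pair] = [(p, cur_idx.get(k)) for k, p in prev_idx.items()]
    pairs += [(None, c) for k, c in cur_idx.items() if k not in prev_idx]
    return pairs


def delta(pairs: List[Pair]) -> Dict[str, int]:
    """Count findings as persistent, remediated, new, or gone (host vanished)."""
    counts = {"persistent": 0, "remediated": 0, "new": 0, "gone": 0}
    for p, c in pairs:
        pv = p.vulns if p else frozenset()
        cv = c.vulns if c else frozenset()
        counts["persistent"] += len(pv & cv)
        counts["new"] += len(cv - pv)
        if c is None:
            counts["gone"] += len(pv)       # host not seen: cannot claim a fix
        else:
            counts["remediated"] += len(pv - cv)
    return counts


def by_ip(h: Host) -> str:
    return h.ip


def by_mac(h: Host) -> str:
    return h.mac


def compare_strategies() -> Dict[str, Dict[str, int]]:
    """Run the same two scans through both correlation keys."""
    return {
        "ip": delta(correlate(SCAN_1, SCAN_2, by_ip)),
        "mac": delta(correlate(SCAN_1, SCAN_2, by_mac)),
    }


if __name__ == "__main__":
    for name, counts in compare_strategies().items():
        print(f"{name:>3}: {counts}")
```

With IP-keyed matching the two swapped hosts are each compared against the other's findings, so the report claims three findings remediated and three new ones, when in fact one was fixed, two persist, and one is new. Besides the wrong trend line, the two persisting findings would be reopened as "new", resetting any age-based SLA clock on them. Real correlators cannot rely on MAC across routed segments, which is why a multi-attribute fingerprint is needed; the example only shows why the choice of key decides whether the metric is meaningful.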


Presenters:

  • Gordon MacKay - CTO at Digital Defense Inc. (DDI)
    Gordon MacKay, CISSP, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles to many of the challenges in the information security space. His solution for matching network-discovered hosts across independent vulnerability assessments over time earned patent-pending status for the company's scanning technology. MacKay has presented at numerous security conferences, including RSA 2013, BSides Austin 2016, BSides SATX 2016, BSides Dallas 2015, ISC2 Alamo Chapter, ISSA Houston, ISACA San Antonio and many others, and has been featured by media outlets such as CIO Review, FOX Business, Softpedia and IT World Canada. He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.
