TLDR; * Context is key. When looking at Vulnerabilities do not just look at CVSS Base score, instead, understand your Risk Profile and add the Environmental elements for better prioritization. * In order to adhere to DevSecOps practices, be pragmatic. Instead of a Big Bang approach, start small and iterate to incorporate
October 27, 2023
TLDR; * For Application Security, start with Threat Modeling including Context. Look at all our architecture diagrams and start evaluating from an attacker's mind. * When using Open Source dependencies, start with a Baseline Vulnerability Scan and do a continuous process to review and evaluate dependencies. * Understand dependencies, SBOM to
October 13, 2023
TLDR; * Context is key when it comes to Vulnerability Management. Instead of focusing on Vulnerabilities by severity, organizations should evaluate the exploitability and actively exploited vulnerabilities for Prioritization. * When looking at Vulnerabilities do not take CVSS Base score at face value, organizations should understand & utilize Temporal and Environmental elements
September 29, 2023