Sr Principal Safety Engineer, Oracle, United States
Vulnerability scanning and remediation just stinks. We know it's terrible, but we have to do it. However, what if we could make it both dramatically easier and more accurate in expressing vulnerabilities? Paradoxically, most large organizations are far more vulnerable than their reports and scans would suggest, even as orchestration and CI/CD have created the means to stamp out Internet-facing vulnerabilities. This interactive presentation will explore and explain both of those extremes: [1] examining the hidden application risks of old apps that receive no CVE reports, and how to represent that risk; and [2] providing a strategy for dramatically reducing the footprint of vulnerability scanning, as well as the exposure to the enterprise, using CI/CD, immutable images and rapid repave to stamp out risk.
Learning Objectives:
model the hidden risks of unsupported COTS applications in the environment, enabling risk-based heat map reporting and governance to drive portfolio optimization
describe the means for a weighted view of application vulnerability reporting, enabling improved risk-informed reports and driving accountability for assumed risks
determine the feasibility of rolling applications to a rapid-repave model to deliver improved vulnerability management and user satisfaction