If a picture is worth a thousand words, then a CVSS score is worth two hundred and fifty. Join this session to explore the limitations of CVSS scores and the benefits of a risk-based approach to vulnerability scoring which factors in availability of exploits, patches, and scale of deployments. The session will wrap-up with pros and cons of the alphabet soup of options: EPSS, SSVC, VPR and more.

RSA® Conference, the world’s leading information security conferences and expositions, concluded its 30th annual event, which took place as a fully virtual experience this week. This year’s theme was Resilience, and in honor of all that the cybersecurity industry has accomplished over the past three decades, offered a must-attend celebration of thought leadership and education.


More than 20,000 people registered to view 449 sessions including, keynotes, track sessions, interactive programs, tutorials, seminars, and many special digital-first programs that focused on best practices and innovation. The content covered many of the industry’s most pressing topics, including privacy, machine learning and artificial intelligence, analytics, anti-fraud, policy and government, and risk management and governance.

CVSS Scores Are Dead. Let’s Explore 4 Alternatives

Conference: RSA Conference 2021

Abstract

Post a comment

Related work

Attacking and Defending Blockchains: From Horror Stories to Secure Wallets

How Do You Trust Open Source Software?

What We've Learned from Scanning 10K+ Kubernetes Clusters

Safely running untrusted code in your web application

So, SBOMs Matter…Now What? - Sophie Wigmore & Frankie Gallina

Kubernetes on Edge: Bringing Your Code to Constrained Places