Learn, hack!

URL

http://www.sourceconference.com/bos10pubs/VulnPanel.pptx

File name

VulnPanel.pptx

File size

164.6 KB

MD5

bd4dd1c51cc1666c4459122f87dc60bc

SHA1

ae8b1c2f7c1c159b7dd4c2b396e54bcf2a26576f

Vulnerability management - how tough can it be? Vulnerabilities are identified, categorized, and then (hopefully) fixed through patches or upgrades. Simple enough, right? Actually, the process is far from simple, as anyone who has worked in the area of vulnerability management can tell you. Identifying vulnerabilities through a slew of vendor alerts, vulnerability databases, and third-party references is only the first step. From there, solutions must be identified, fixes obtained and tested, patch and upgrade deployments scheduled, and then monitor the whole mess... until the next patch cycle comes around so you can start the process all over again. This panel will discuss various aspects of the vulnerability management cycle: the assignment of common names for easy identification, using available information to gather appropriate remediation measures, pros and cons of patch testing, and how vulnerability management can be improved as an overall process. Join panelists Chris Wysopal of Veracode, Steven Christey and Bob Martin of MITRE Corporation, Jonathan Klein of Broadridge Financial Solutions, Kelly Todd of Tenable Network Security and moderator Carole Fennelly of Tenable Network Security as they look at vulnerability management: what works, what doesn't work, and what can be done to help improve processes, procedures, and remediation techniques