Enterprise Security Weekly Subscribe

Vulnerability Management, Governance, Risk and Compliance, Risk Identification/Classification/Mitigation

Getting Vulnerability Management Back on the Rails – Patrick Garrity – ESW #356

April 4, 2024

NVD checked out, then they came back? Maybe?

Should the xz backdoor be treated as a vulnerability?

Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?

What were some of the takeaways from the first-ever VulnCon?

EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?

How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?

There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.

Segment Resources:

Full episode and show notes

Announcements

Google has announced that they will be shutting down the Google Podcasts platform in mid-2024. To ensure that you don't lose access to the Security Weekly content you know and love, please make sure that you subscribe to your favorite podcasts feeds on an alternative platform such as Spotify, YouTube Music, Amazon Music, Apple Podcasts, Overcast, Podcast Addict, PocketCasts, or anywhere else you listen to podcasts! Visit securityweekly.com/subscribe to find the buttons to subscribe to each show now!
On the evening of Monday, May 6, 2024, W2 Communications and CyberRisk Alliance are bringing CYBERTACOS back to San Francisco! If eating FREE tacos, sipping on margaritas and mingling with cyber professionals from all over the world sounds good to you, make sure to register to secure your spot! Visit securityweekly.com/cybertacos to RSVP today!

Guest

Patrick Garrity

Security Researcher at VulnCheck

Patrick Garrity is a security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors. Having worked in the cybersecurity professional with over 15 years of experience in security research, marketing, sales, and product roles for high-growth SaaS cybersecurity startups including VulnCheck, Nucleus Security, Blumira, Censys and Duo Security.

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

https://adriansanabria.com

Lead Product Manager at Monad

https://www.cybersecuritypulse.net/

Related

Vulnerability Management

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and… – SWN #432

November 19, 2024

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.

Industry Regulations

Similarities Between SOX And SEC’s Cyber Rule – Padraic O’Reilly – BSW #373

November 18, 2024

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new...

Vulnerability Management

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More… – SWN #431

November 15, 2024

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News.