The State of Vulnerability Remediation
Wade Baker
21:20
If anyone has questions as we go through the findings, feel free to ask them here. I'll do my best to monitor and respond. Thanks!
Jim Cox
23:25
After remediation, how does a company get back with SS to reassess for improved score?
Wade Baker
31:23
we'll look at this for exploited vulns in a moment
ERIC SMITH
34:07
Without knowing the severity of the vulns, it's difficult to draw conclusions from the statistics. Most orgs will fix high severity findings quickly but low severity findings can be put off for a long time.
ERIC SMITH
35:19
Thus overall security is improving at a faster clip than the raw numbers would suggest.
Jonathan Cran
38:22
Can you share a little more about how the vulnerabilities are detected? Were they discovered via CPE matching, or is there any active testing of vulnerabilities? Are there any trends in the vulnerabilities like ... app vs webserver vs network devices?
ERIC SMITH
41:13
Coming from someone who's worked in nuclear, they also tend to have the lowest number of exposed assets.
ERIC SMITH
42:05
I've also worked in healthcare. They're chronically underfunded, understaffed, and highly regulated. Not a good combo.
Jim Cox
01:03:25
SS for M&A would be of value I see. Same for how companies look at your business as a 3PR vendor.
ERIC SMITH
01:08:12
bleepingcomputer.com is an invaluable resource for keeping up with this kind of stuff.
Drew Nations
01:08:13
Cyentia does some great work!
Carolyn Gimarelli
01:10:09
Yes! We will be sending a follow-up with the link to the recording!
ERIC SMITH
01:11:24
Wade's collection of Star Wars stuff is impressive :D
Jim Cox
01:11:30
Voltron!