Should we even care about vulnerability severity scores?
Beers with Talos Podcast
English - March 16, 2023 08:00 - 43 minutes - 29.6 MB
Everyone fears the dreaded 10-out-of-10 CVSS severity score on a vulnerability with "critical" written somewhere on the advisory. But does that number even matter to an attacker or hypothetical defender? Matt, Mitch and Lurene discuss the various ways the security community classifies vulnerabilities and how potential targets can use that information to their advantage. They discuss patching strategies, potential security holes that attackers look for and real-world cases of vulnerabilities that have led to breaches or cyber attacks.
Other suggested talking points: