A Stakeholder-Specific Approach to Vulnerability Management
Software Engineering Institute (SEI) Podcast Series
English - October 27, 2020 11:43 - 37 minutes - 44.2 MB - ★★★★★ - 18 ratings
Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast, which highlights the latest work in prioritizing actions during vulnerability management, presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that avoids some problems with CVSS. SSVC takes the form of decision trees for different vulnerability management communities. During this podcast, CERT vulnerability researchers Eric Hatleback, Allen Householder, and Jonathan Spring discuss SSVC and also take audience members through scoring a sample vulnerability.