Join Us At Hacker Summer Camp

See Tod Beardsley at Black Hat USA!

We’ll be at Summer Camp all week, keeping things spicy at Black Hat and beyond.


Black Hat USA 2025

Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails

TBA

Presented by:
Tod Beardsley

Vulnerability scoring is supposed to bring order to the chaos of risk management, but in practice, it can feel more like reading tarot cards or poking at entrails than applying science. CVSS performs monkey math to force fractal bell curves, EPSS tries to predict exploitation with statistical black magicks, and SSVC ditches math entirely in favor of structured gut feelings.

Meanwhile, defenders mix and match shortcuts — KEV lists, vendor advisories, and lived experience — to separate the truly urgent from the merely annoying. But are we actually making better risk decisions, or just using these frameworks to justify what we were going to do anyway?

This talk will dig into the strengths, weaknesses, and absurdities of CVSS, EPSS, and SSVC, comparing them to the reality of how security teams actually handle vulnerabilities. It will explore where these models help, where they mislead, and whether any of them are meaningfully better than rolling a D20 saving throw vs exploitation. Expect debate, disagreements, and plenty of astrology jokes.


More Great Things From Tod

Reports
Divining Risk: Deciphering Signals From Vulnerability Scores
Vulnerability scores promise clarity, but too often just add to the noise. In this report, we analyze signals from over 270,000 CVEs to reveal what...
runZero Research
CVSS, EPSS, and SSVC: How to Read Between the Vulnerability Scores
Learn about the strengths and limitations of each scoring system, and how to best leverage them to inform your triage strategy.
Podcasts
From Vulnerability to Visibility: Rethinking Exposure Management
Learn how exposure management is evolving and how organizations can move from simply identifying vulnerabilities to gaining true visibility and...
Webcasts
Unknown Assets: A Lurking Threat to Network Security
In this EcoCast, Tod Beardsley, VP of Security Research, discusses proactive strategies for defending against zero-day exploits and...

More Summer Camp Talks!

August 4
The Diana Initiative
We’re proud to sponsor The Diana Initiative and support their mission to drive diversity and inclusion in cybersecurity.

Join us at their annual conference, where runZero founder and CEO HD Moore will be speaking about the power of community building.

Stop by our table to connect with the runZero team, pick up some fun swag (including our signature blinky badge), and maybe even meet our mascot, Zeti!

We look forward to seeing you!
Learn More
August 4 — 11am PDT
Turbo Tactical Exploitation: 22 Tips for Tricky Targets
Join HD Moore as he delivers rapid-fire, practical tips to help you spot valuable targets faster, pivot smarter, and skip the noise. From recon to lateral movement (and everything in between), these techniques are built for speed and getting the most out of every packet, port, and pivot.

Whether you’re on a red team or just want to better understand your exposure, you’ll leave with new ways to spot weak links fast — and exploit them even faster.

Don’t miss this session!
Learn More
August 9
Shaking Out Shells with SSHamble
Secure Shell (SSH) is finally fun again! After a wild two years, including a near-miss backdoor, clever cryptographic failures, unauthenticated remote code execution in OpenSSH, and piles of state machine bugs and authentication bypass issues, the security of SSH implementations has never been more relevant.

This session is an extension of our 2024 work (Unexpected Exposures in the Secure Shell) and includes new research as well as big updates to our open source research and assessment tool, SSHamble.

Grab a good seat for this one!
Learn More
TBA
There and Back Again: Detecting OT Devices Across Protocol Gateways

Join Rob King, Director of Security Research, as he explores the security implications of IT/OT convergence, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

If your organization uses operational technology, you won’t want to miss this session.

Book some 1:1 time

Meet with us during Summer Camp