Mute the sirens: Prioritizing vulnerability noise

In this session, Tod Beardsley (runZero) and Mark Lambert (ArmorCode) discuss the escalating challenge of managing vulnerability noise in the era of AI. Lambert explains that ArmorCode acts as an aggregation and correlation layer for vulnerability data, pulling findings from hundreds of different scanners — including code, infrastructure, and software supply chain tools — to identify root causes and reduce the sheer volume of alerts. By correlating multiple findings back to a single issue, the platform helps organizations shift from a purely severity-oriented approach to a more effective risk-oriented prioritization strategy.

The conversation highlights the critical role of vulnerability intelligence and environmental context in determining what actually needs fixing. Lambert describes how ArmorCode leverages threat intelligence like CISA KEV and EPSS to identify which vulnerabilities are being exploited in the wild, while integrating with platforms like runZero to gain insight into whether an asset is externally facing or critical to business operations. This unified exposure management approach extends beyond traditional CVEs to include internally discovered vulnerabilities from penetration testing and weaknesses identified through static analysis (SAST), providing a comprehensive view of an organization's true security posture.

Meet Our Speakers

todb

VP of Security Research, runZero
