Vulnerabilities, CVEs and the attack surface

Listen as Stephen Pritchard, security and technology journalist at Security Insights, talks with Tod Beardsley, VP of Security Research at runZero, about vulnerabilities, CVEs, and the attack surface.

About the episode

The way we measure security threats is changing. As security has become a board-level priority, cybersecurity teams need to think in terms of risk.

But where does that leave vulnerability scores? Are venerable systems such as CVSS, and the CVEs that underpin them, still relevant?

Or could a focus on vulnerability scores be a distraction from the real threats?

The truth, as ever, lies somewhere in between. Vulnerability scores are still a very useful way of categorising risks within an application, and sharing that information. What they cannot do is map those exploits to an organisation’s network, or their own workflows, security measures or even, their business priorities.

That, though, is the CISO’s job. And, as our guest for this episode points out, today’s much more expansive and flexible networks really demand a cultural shift in how we think about the attack surface, and how we defend it.

Meet Our Speakers

todb

Vice President of Security Research

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Resources

Podcasts
Why your firewall might be your biggest risk, HD Moore (ITSP Magazine)
Listen as HD Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.
Podcasts
Microsoft tried to get me fired weekly — Adventures of Alice & Bob with HD Moore
James Maude and Marc Maiffret (Adventures of Alice & Bob Podcast) sit down with cybersecurity pioneer HD Moore, the legendary founder of the...
Podcasts
Top 3 internet threats that aren't in the headlines
Todd Beardsley, Vice President of Security Research at runZero, challenges conventional cybersecurity wisdom by highlighting three critical...
Podcasts
Understanding vulnerabilities, exploits, and cybersecurity (CISO Tradecraft)
CISO Tradecraft dives into the latest in cybersecurity vulnerabilities, exploits, and defense strategies with experts from VulnCheck and runZero.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.