Daniel Kennedy’s Post

The theme of #RSAC2024 is "The Art of Possible," with the description highlighting that "we must go beyond ones and zeroes." Ones and zeroes, an allusion to binary or on/off states, is an excellent metaphor for some of the challenges we face in application security, and for the shift in issue prioritization we are seeing emerge in an operating space where there are too few hands on both the development and security side to address the number of issues our scanners are throwing off. No longer can the answer be "the CVE (Common Vulnerabilities and Exposures) score is this," or "the scanner found this signature." Issues require risk-based context: Is the vulnerability reachable or exploitable? Is it being exploited, or is the code where it is present even used? Is the vulnerability exposed to public networks? Answers to these and a host of other questions allow teams stretched thin to know where to allocate their time. At RSA, I will be paying close attention to application security solutions that have adjusted to this new usability requirement and have a coherent story around prioritization that goes beyond "a public database says this." Ref: https://lnkd.in/eEr5ZyQu
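The questions in the post (reachable? exploited in the wild? code actually loaded? exposed to public networks?) can be turned into a small, transparent triage model. The example below is added here and is not from the post or from any product it alludes to; the `Finding` fields, the weights and the "fix now / schedule / backlog" thresholds are assumptions chosen for illustration, and the findings themselves are constructed sample data.

```python
"""Risk-based triage of scanner findings: start from the CVSS base score
the scanner reports and adjust it with deployment context.

Added example; weights and thresholds are illustrative assumptions."""
from dataclasses import dataclass

# Illustrative weights (assumptions, not from any standard):
UNUSED_CODE_FACTOR = 0.1       # vulnerable component is never loaded at runtime
UNREACHABLE_FACTOR = 0.3       # loaded, but no call path reaches the flawed code
INTERNET_EXPOSED_FACTOR = 1.5  # the affected service accepts traffic from the public Internet
KNOWN_EXPLOITED_BONUS = 2.0    # exploitation observed in the wild (e.g. on a KEV-style list)
MAX_SCORE = 10.0


@dataclass
class Finding:
    finding_id: str
    component: str
    cvss: float               # base score as reported by the scanner / public database
    code_in_use: bool         # is the component actually loaded by the deployed application?
    reachable: bool           # does static/dynamic analysis show a path to the vulnerable code?
    known_exploited: bool     # is active exploitation reported?
    internet_exposed: bool    # is the hosting service reachable from public networks?


def risk_score(f: Finding) -> float:
    """Context-adjusted score in [0, 10]. A high CVSS score alone does not
    keep a finding at the top; missing reachability or exposure drags it down,
    active exploitation pushes it up."""
    score = f.cvss
    if not f.code_in_use:
        score *= UNUSED_CODE_FACTOR
    elif not f.reachable:
        score *= UNREACHABLE_FACTOR
    if f.internet_exposed:
        score *= INTERNET_EXPOSED_FACTOR
    if f.known_exploited:
        score += KNOWN_EXPLOITED_BONUS
    return round(min(score, MAX_SCORE), 2)


def bucket(score: float) -> str:
    """Map a score onto an action queue (thresholds are assumptions)."""
    if score >= 7.0:
        return "fix now"
    if score >= 4.0:
        return "schedule"
    return "backlog"


def prioritize(findings: list[Finding]) -> list[tuple[str, float, str]]:
    """Return (finding_id, score, bucket) tuples, highest risk first."""
    ranked = [(f.finding_id, risk_score(f), bucket(risk_score(f))) for f in findings]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample findings (not real CVEs; ids are placeholders).
SAMPLE_FINDINGS = [
    # "Critical" by CVSS, but the vulnerable function is never called from our code.
    Finding("F-A", "xml-parser-lib", 9.8, code_in_use=True, reachable=False,
            known_exploited=False, internet_exposed=False),
    # Only "High" by CVSS, yet reachable, Internet-facing and actively exploited.
    Finding("F-B", "http-router", 7.5, code_in_use=True, reachable=True,
            known_exploited=True, internet_exposed=True),
    # Shipped in the image but the dependency is never loaded at runtime.
    Finding("F-C", "legacy-image-codec", 8.1, code_in_use=False, reachable=True,
            known_exploited=False, internet_exposed=False),
    # Medium CVSS, but reachable on a public endpoint.
    Finding("F-D", "session-cookie-lib", 5.3, code_in_use=True, reachable=True,
            known_exploited=False, internet_exposed=True),
]

if __name__ == "__main__":
    for fid, score, action in prioritize(SAMPLE_FINDINGS):
        print(f"{fid}: {score:5.2f}  {action}")
```

Run as a script it prints the ranked queue; the point of the model is that F-B (CVSS 7.5) and F-D (CVSS 5.3) outrank the CVSS 9.8 finding once reachability and exposure are taken into account. In practice the context fields would be populated from an SBOM or runtime inventory (code in use), call-graph or reachability analysis (reachable), a known-exploited list (exploited) and the asset inventory (exposed), and the weights would be tuned per organization.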
