How CVSS is DOSsing Your Patching Policy - and Wasting Your Money

Black Hat via YouTube

Overview

This course aims to help participants understand the limitations of using the Common Vulnerability Scoring System (CVSS) as a risk metric for vulnerabilities and a prioritization metric for patching policies. By analyzing real attack data, the course demonstrates that relying solely on CVSS scores can lead to significant over-investment in patching. The teaching method includes practical examples, case studies, and statistical analysis to illustrate the inefficiencies of the CVSS approach. The course is designed for cybersecurity professionals, risk analysts, and individuals involved in vulnerability management within organizations.

Syllabus

Introduction
Vulnerabilities
What is CVSS
Double Vision
Insecurity
Data Sets
Distribution
Exploitability
Case Control Study
Comparison
Example
Sensitivity
Sensitivity vs Specificity
Pacing
Visualizing CVSS
Patching Policy
National Grid
Batches
Shock Analysis
CVSS Score
Temporal Scores
Temporal Information

Taught by

Black Hat
