Just a quick note for those in the New York area: I’ll be bringing my BayThreat talk on standards such as SCAP and WASC-TC to OWASP New York and OWASP New Jersey. If you find yourself in town February 9th or 10th, be sure to stop by to talk AppSec and vulnerability management. A synopsis of the presentation is below:
Using Open Standards To Break The Vulnerability Wheel Of Pain: Vulnerability management has become a painful, repeating process of assessing, reporting, prioritizing and mitigating. Coined the Hamster Wheel of Pain by Andy Jaquith, this process often includes teams of people slogging through a pile of spreadsheets trying to figure out what’s real, what’s important, and what was missed. By the time a security team gets through one spin of the hamster wheel, they are already behind and the findings are piling up! By combining standards such as SCAP and the WASC Threat Classification with automation and workflow, teams can break out of the wheel of pain and make vulnerability management a viable effort across all layers of the stack.