CVE CVSS NVD OMGWTFBBQ presented at BSidesLasVegas 2018

by Josh Corman, Art Manion, Tom Millar, Katie Trimble, Margie Zuk, Seth Carmody

Summary: The Common Vulnerabilities and Exposures (CVE) list, the Common Vulnerability Scoring System (CVSS), and the U.S. National Vulnerability Database (NVD) are fundamental pillars of infosec, providing a common taxonomy for discussing vulnerabilities and their potential severity. Despite their critical role, and how much depends on these frameworks, there remain issues with each, especially when applied to human life and public safety impacts.

This panel will educate the audience on why so many acronyms are necessary in our collective attempt to grapple with the proliferation of security vulnerabilities in basically everything. We’ll talk about approaches that have been tried and been somewhat successful; approaches that have been tried and seem to have failed; and what we want to see change for the future, because your existence depends on good wi-fi now.

Each panelist (and the moderator, in a clear violation of the rules) will present an issue they believe is wrecking, or is about to wreck, modern civilization (in the scope of networked technology. Not in scope: ultraviolet rays, WMD proliferation, the greenhouse effect, or other non-digital things). After the panelist round-robin, we’ll go to open Q&A with the coalition of attendees, who are encouraged to be constructive. At the end, the mighty Casey will most likely strike out, but Sisyphus always has a shoulder to cry on.