S3E18: Jacques Chester
Vulnerability Scoring and Software Supply Chain
In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson talk with Jacques Chester from Shopify about the intricacies of vulnerability scoring and the evolving landscape of software supply chain security. Jacques, a key contributor to the Ruby Dependency Security team at Shopify, shares insights on how organizations can improve their approach to vulnerability management and navigate the challenges of securing open-source software.
🔑 Key Highlights:
CVSS Critique: Jacques provides a deep dive into the Common Vulnerability Scoring System (CVSS), discussing its widespread use and the critiques it faces from security professionals. Learn why organizations should not rely solely on CVSS scores when prioritizing vulnerabilities.
EPSS and Beyond: Discover the emerging Exploit Prediction Scoring System (EPSS), which aims to improve on CVSS by offering a more data-driven approach to assessing the likelihood that a vulnerability will be exploited.
Real-World Impact: Jacques shares practical advice for organizations overwhelmed by the volume of vulnerabilities, including how to better prioritize remediation based on system criticality and vendor-specific configurations.
Software Supply Chain Security: Jacques discusses his work with the OpenSSF and the importance of securing software repositories. He highlights the efforts to rank project risk and ensure the security of critical open-source projects.
Resiliency in Cybersecurity: Jacques and the hosts explore what it means to build a resilient cybersecurity program in the face of evolving threats, especially with the rise of software supply chain attacks.
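The contrast the episode draws between ranking by CVSS alone and prioritizing by exploit likelihood plus system criticality can be made concrete. The following is an added example written for this page, not code from the episode, from Shopify, or from any scoring project; it assumes a simple multiplicative model (severity x EPSS probability x asset criticality weight, demoted when the deployment's configuration makes the vulnerable path unreachable) and uses constructed findings with placeholder identifiers rather than real CVEs.

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class Finding:
    """One vulnerability instance on one asset (constructed sample data)."""
    vuln_id: str            # placeholder id, not a real CVE
    cvss_base: float        # CVSS base score, 0.0-10.0
    epss: float             # EPSS probability of exploitation, 0.0-1.0
    asset_criticality: int  # 1 (low) to 5 (business-critical), set by the asset owner
    reachable: bool         # does this deployment's configuration expose the vulnerable path?

# Assumed weights: how much an asset's criticality amplifies a finding.
CRITICALITY_WEIGHT = {1: 0.2, 2: 0.4, 3: 0.6, 4: 0.8, 5: 1.0}

# Assumed demotion factor for findings the vendor/deployment config makes unreachable.
UNREACHABLE_FACTOR = 0.1

def priority_score(f: Finding) -> float:
    """Combine severity, exploit likelihood and asset context into one 0-100 score."""
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS base score out of range")
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.vuln_id}: EPSS probability out of range")
    if f.asset_criticality not in CRITICALITY_WEIGHT:
        raise ValueError(f"{f.vuln_id}: unknown asset criticality")
    severity = f.cvss_base / 10.0
    likelihood = f.epss
    exposure = CRITICALITY_WEIGHT[f.asset_criticality]
    score = severity * likelihood * exposure * 100.0
    if not f.reachable:
        # Keep the finding on the books but demote it: configuration removes the exposure.
        score *= UNREACHABLE_FACTOR
    return round(score, 2)

def rank_by_cvss(findings: List[Finding]) -> List[str]:
    """The naive ordering: highest CVSS base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss_base, reverse=True)]

def rank_by_priority(findings: List[Finding]) -> List[str]:
    """Context-aware ordering: highest combined priority score first."""
    return [f.vuln_id for f in sorted(findings, key=priority_score, reverse=True)]

# Constructed sample findings (placeholder ids, invented scores).
SAMPLE_FINDINGS = [
    Finding("VULN-A", cvss_base=9.8, epss=0.01, asset_criticality=2, reachable=True),
    Finding("VULN-B", cvss_base=7.5, epss=0.90, asset_criticality=5, reachable=True),
    Finding("VULN-C", cvss_base=8.1, epss=0.40, asset_criticality=4, reachable=False),
    Finding("VULN-D", cvss_base=6.5, epss=0.30, asset_criticality=5, reachable=True),
]

if __name__ == "__main__":
    print("CVSS-only order:    ", rank_by_cvss(SAMPLE_FINDINGS))
    print("Priority order:     ", rank_by_priority(SAMPLE_FINDINGS))
    for f in SAMPLE_FINDINGS:
        print(f"{f.vuln_id}: cvss={f.cvss_base} epss={f.epss} score={priority_score(f)}")
```

In the constructed sample the CVSS-only queue starts with VULN-A (9.8, but almost never exploited, on a low-value asset), while the priority queue starts with VULN-B (a 7.5 that is actively exploited on a critical system) and pushes VULN-C down because the deployment configuration makes it unreachable. The weights and the demotion factor are assumptions to be tuned per organization; the point is that exploit likelihood and asset context, not the base score alone, drive the order.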