S4E17: Resilient Cyber w/ Yotam Perkal

Vulnerability Management & Modernization

In this episode, Chris Hughes and Dr. Nikki Robinson talk with Yotam Perkal, head of vulnerability research at Resilient. They delve into the challenges of modern vulnerability management, the growing complexities of software ecosystems, and the role of automation in scaling vulnerability prioritization. Yotam shares his thoughts on software supply chain security, the future of vulnerability management, and the importance of industry collaboration in building more resilient systems.

Key Highlights:

  • Vulnerability Management Backlog: Organizations are struggling with over 100,000 vulnerabilities, making it difficult to prioritize and remediate effectively. Yotam highlights the role of DevOps and the widespread use of third-party and open-source code as contributing factors.

  • Automation and Context: To handle the overwhelming number of vulnerabilities, Yotam emphasizes the need for automation and the importance of adding context—such as exploitability and environmental relevance—to vulnerability management.

  • SaaS and Open Source Software: Open source software has brought visibility but also complexity, with organizations now needing to manage not only their own code but also dependencies that increase their attack surface.

  • Future of Vulnerability Management: Yotam believes the future will shift towards prioritizing vulnerabilities based on their real-world impact, rather than just criticality scores. Exploitability will be a key factor in this evolution.

  • SBOM and VEX: Yotam discusses the importance of the software bill of materials (SBOM) and Vulnerability Exploitability eXchange (VEX) for providing transparency into software components and reducing noise by identifying non-exploitable vulnerabilities.

  • Collaboration: Yotam stresses that solving the challenges of vulnerability management requires industry-wide collaboration between security researchers, data scientists, and cybersecurity professionals.

  • Resilience through Automation: Automation plays a crucial role in freeing up human resources to focus on strategic decisions and proactive risk management, which are key to cyber resilience.
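As an added worked example (not from the episode, the podcast, or any company mentioned in it), the following Python script puts two of the highlights above into code: a VEX statement suppressing a high-CVSS finding that is not exploitable in the shipped product, and the remaining findings ranked by exploitability and environmental context rather than by severity score alone. The SBOM fragment, scanner findings, VEX statements and `CVE-0000-000x` identifiers are all constructed placeholders, and the field names and ranking policy are assumptions chosen for illustration; the VEX status and justification strings follow the OpenVEX/CSAF vocabulary.

```python
"""Prioritize SBOM findings using VEX statements plus exploitability context.

All data below is constructed for illustration; the CVE ids are placeholders.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed SBOM fragment: component name -> version. A real SBOM would be
# CycloneDX or SPDX; only the fields needed for the lookup are modelled.
SBOM = {
    "libfoo": "1.2.3",
    "barlib": "4.0.0",
    "bazweb": "2.1.0",
}


@dataclass
class Finding:
    cve: str                          # placeholder identifier (constructed)
    component: str
    cvss: float                       # base score as a scanner would report it
    known_exploited: bool = False     # e.g. listed in an exploited-vulns catalogue
    exploit_probability: float = 0.0  # e.g. an EPSS-style likelihood, 0..1
    reachable: Optional[bool] = None  # environment context: is the code loaded at runtime?


# Constructed scanner output: one finding per (CVE, component) pair.
FINDINGS = [
    Finding("CVE-0000-0001", "libfoo", cvss=9.8, exploit_probability=0.02, reachable=True),
    Finding("CVE-0000-0002", "barlib", cvss=7.5, known_exploited=True,
            exploit_probability=0.91, reachable=True),
    Finding("CVE-0000-0003", "bazweb", cvss=9.1, exploit_probability=0.40, reachable=False),
    Finding("CVE-0000-0004", "libfoo", cvss=5.3, exploit_probability=0.10, reachable=True),
]

# Constructed VEX statements keyed by (CVE, component). Status values follow the
# OpenVEX/CSAF vocabulary; a justification backs every not_affected claim.
VEX = {
    ("CVE-0000-0001", "libfoo"): {"status": "not_affected",
                                  "justification": "vulnerable_code_not_in_execute_path"},
    ("CVE-0000-0002", "barlib"): {"status": "affected"},
    ("CVE-0000-0004", "libfoo"): {"status": "under_investigation"},
}


def vex_status(f: Finding) -> str:
    """Return the VEX status for a finding; a missing statement means 'unknown'."""
    return VEX.get((f.cve, f.component), {}).get("status", "unknown")


def is_actionable(f: Finding) -> bool:
    """Suppress findings a VEX statement marks not_affected or fixed; keep all others,
    including 'unknown' and 'under_investigation', so nothing is silently dropped."""
    return vex_status(f) not in ("not_affected", "fixed")


def priority_key(f: Finding):
    """Sort key (larger sorts earlier). Assumed policy: known exploitation first,
    then whether the component is reachable in this environment, then exploit
    likelihood, with CVSS only as the final tiebreaker."""
    return (f.known_exploited, f.reachable is True, round(f.exploit_probability, 2), f.cvss)


def prioritize(findings=FINDINGS):
    """Return the actionable findings for components present in the SBOM, most urgent first."""
    actionable = [f for f in findings if f.component in SBOM and is_actionable(f)]
    return sorted(actionable, key=priority_key, reverse=True)


def summarize(findings=FINDINGS):
    """Counts showing how much noise the VEX statements removed from the backlog."""
    kept = prioritize(findings)
    return {"total": len(findings), "suppressed_by_vex": len(findings) - len(kept),
            "actionable": len(kept)}


if __name__ == "__main__":
    for f in prioritize():
        print(f"{f.cve:14} {f.component:8} cvss={f.cvss} exploited={f.known_exploited} "
              f"p={f.exploit_probability:.2f} reachable={f.reachable} vex={vex_status(f)}")
    print(summarize())
```

Run as-is, the CVSS 9.8 finding never reaches the worklist because the VEX statement says the vulnerable code is not in the execution path, and the CVSS 7.5 finding with known exploitation in the wild comes out on top. The ranking policy in `priority_key` is the part a team would tune to its own environment; the point is that the score from the scanner is the last input consulted, not the first.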

#VulnerabilityManagement #SaaSSecurity #SoftwareSupplyChain #SBOM #CyberResilience