Factors in Prioritization

October 27, 2022
Factors in Prioritization
Description

Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors for starters. A major concept is the context around the app/sub-app/module associated with a finding. The software's dependencies, environment, provenance, and the sensitivity of its data are just a few values that affect priority.

Resources

About the Guest

Mark Lambert
Mark Lambert
VP of Products, Armorcode
Linkedin Logo
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor
Read more
Mark Lambert
Mark Lambert
VP of Products, Armorcode
Linkedin Logo
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor
Read more

Watch the episode here

Available on:

Episode 8

Factors in Prioritization

Prioritizing threat/vulnerability findings takes thought, a satellite cam, and a microscope if you don't have an AppSecOps platform at work. There's a lot to consider: criticality variance across tools (they don't come normalized out of the box), threat intelligence on CVEs, and tool/technique weight factors for starters. A major concept is the context around the app/sub-app/module associated with a finding. The software's dependencies, environment, provenance, and the sensitivity of its data are just a few values that affect priority.

Resources

Subscribe for updates

Please enter a business email
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.