Episode 24

Using Threat Intelligence to Optimize your AppSecOps Program

Threat intelligence is nothing new, but in the case that leveraging it to improve your application security operations is a novel prospect, we're here to break the ice. Like most things in security, it starts with a few acronyms: NVD (the National Vulnerability Database), which provides a threat feed of CVEs and their corresponding CVSS severity score; and CISA's KEV (Known Exploited Vulnerabilities catalog), offering a more "IRL" picture of application risks. AppSec program builders needing more context than these open source databases provide have the option to go the paid route—recruiting a vendor's help in determining which exploited vulns pose a legitimate threat to their org, and how best to prioritize them.

Resources

Episode Writeup

Subscribe for updates

Please enter a business email
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Please enter a business email
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.