Jay Jacobs (Cyentia, US)
Jay Jacobs is the Chief Data Scientist at Cyentia Institute, the lead data scientist for the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS special interest group at FIRST.
---
Vulnerability management is reactive. Day after day is spent reacting to newly discovered weaknesses, reacting to the latest headline, or reacting to reports of new exploitation activity. It is a relentless stream of information that requires constant attention, which means not a lot of time is spent in retrospection, until now. This talk will be looking back at several years of exploitation activity collected in the EPSS project and how they fall across the vulnerability landscape. Using the data, we will be addressing many of the common questions. How many vulnerabilities are being exploited? How widespread and sustained is exploitation? What patterns can we detect in exploitation? Should we focus more on zero-days or end-of-life vulnerabilities? Are there any clear indicators of exploitation activity before exploitation occurs? And many others!
8 май 2024