Measuring vs. Modeling

Dec 10, 2013
Andrea Bailiff-Gush

This month our data scientist Michael Roytman is featured in the USENIX Association’s Journal alongside Dan Geer. Their article harkens back to our long-running theme of focusing on remediating the vulnerabilities which _actually_ generate risk for your environment. Michael and Dan argue that using CVSS as a guide for remediation is not only ineffective at identifying vulnerabilities likely to be exploited, it is also a less cost-efficient way to run a security practice.

To quote from the article…

“Using CVSS to steer remediation is nuts, ineffective, deeply
diseconomic, and knee jerk; given the availability of data it is also
passé, which we will now demonstrate.”

Take a look at the article for yourself: https://www.usenix.org/system/files/login/articles/14_geer-online_0.pdf

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.