23-25 March, 2027 | Steigenberger Wiltcher's, Brussels

Too Much Already, Supply Chain Security? A Sensible Approach to Rating True Potential Vulnerabilities Is Needed. (R02c)

Learn how context-driven threat modelling refines vulnerability ratings amid CVE overload.
24 Mar 2026
2:30 pm
Ballroom A

Each day, around 140 new Common Vulnerabilities and Exposures (CVEs) are filed into the European Union Vulnerability Database (EUVD), but only a fraction of them represent true potential vulnerabilities. The core problem is that CVEs are assessed without taking product context into account, which yields worst-case scenarios that almost certainly will not materialize. The speakers present how basic threat modelling and product platform considerations lead to a much more sensible rating of potential and exploitable vulnerabilities.