Overcoming CVE Shock - Adding Perspective in Vulnerability Scanning
Conference (BEGINNER level)
Room 9

"CVE shock" is the state of total helplessness felt by a dev or security engineer facing the overwhelming list of CVEs returned by the vulnerability scanner. Sound familiar?

We'd like to bring you a therapeutic and cathartic rant session for those who have felt "CVE shock" firsthand, with a goal to turn that frown upside down, and demonstrate through real code examples, that there is hope!

In this talk we'll share the findings from a security research project on the state of application behavior in containers. This research was conducted on existing cloud native projects and with some script magic, and will shed light on the most popular packages actually used in your containers. With this information in hand, we were able to automatically identify the relevant CVE for the most popular applications and packages, and discard those that are irrelevant. This utility can also be used to produce VEX documents that align with industry processes and standards.

We are going to present the research, the automation and code samples, and how you can leverage these to reduce the noise, and only focus on the CVEs relevant to your application.

Ben Hirschberg

Ben is a veteran cybersecurity and DevOps professional, as well as computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergrad and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.