Hacking Remediation: How to Prioritize What Actually Matters (CVSS vs EPSS + Reachability)
This episode of Super Cyber Friday is all about one of the hardest problems in AppSec: remediation. Not just finding vulnerabilities, but deciding what to fix first, how to avoid breaking production, and how to work with engineering instead of against them.

Featuring:
• Joe Harrington – Senior Security Engineer, Principal Financial Group
• Matt Brown – Solutions Architect, Endor Labs

We cover:
• Why “fix everything” doesn’t work in modern software environments
• How to use CVSS + EPSS together to filter noise
• Where reachability analysis helps cut alerts to only what your code actually touches
• Safe upgrades vs. virtual patching
• How to estimate remediation effort + set realistic SLAs
• Building trust between AppSec & engineering teams
• Where AI helps…and where it introduces new risks

This conversation is for AppSec engineers, platform teams, and security leaders trying to move remediation from theoretical to shippable.

Chapters:
0:00 Good advice, bad advice, worse advice
2:10 Why “fix everything” fails
7:20 CVSS vs. EPSS
12:45 Using reachability & call graphs
19:30 Safe upgrades without breaking builds
26:50 SLAs + estimating remediation
34:20 Security champions and dev collaboration
41:05 Postmortems that actually help
48:15 Where AI helps (and hurts) code security