CVE 101: The Unfolding Of A Zero Day Attack

Theresa Mammarella

Saturday 4 November 2023 from 13:00 to 13:50

Talk in English - US at Longhorn PHP Conference 2023
Track Name: Ballroom C&D
View Slides: https://www.slideshare.net/TheresaMammarella/longhornphp-cve-101pdf
Short URL: https://joind.in/talk/d89d1 (QR-Code (opens in new window))

Avg. Rating

Just what is a Zero day attack? When does the clock start ticking? What happens next?

In this talk we’ll cover how the CVE process works, explore the timelines of a few famous CVEs and uncover the truth about ethical reporting.

As Cyber Attacks become an existential threat it’s critical that all software developers understand the role the CVE process plays in helping us keep our defenses strong - and where it can go wrong or be subverted.

From bug bounties and bad actors to unsung developer heroes and incredible researchers it’s time to buckle up for a wild ride as we show you what CVEs are really all about.

Comments

Comments are closed.

Greg Fox at 13:17 on 4 Nov 2023

Really important talk and specifically love the notes about scoring context.

Joseph Leedy at 13:32 on 4 Nov 2023

Great talk with lots of relevant and timely information.

Mark Niebergall at 13:46 on 4 Nov 2023

Really good talk going into the security vulnerabilities world. Nice run down of CVSS scores, explaining risk, zero days, and exploits. Good information to cover.

Jim Wigginton at 13:53 on 4 Nov 2023

Good talk! A PHP specific solution for this that I think the talk would have done well to mention is https://github.com/Roave/SecurityAdvisories . The idea with that is that you install that as a dependency and then it conflicts with any dependencies for which a CVE has been published. Not sure if Java has anything like that but it's a neat idea!

Joseph Thayne at 14:07 on 4 Nov 2023

Always struggled with how the CVE process works and what it is. This was really informative and helpful. Thank you.

Florian Engelhardt at 14:16 on 4 Nov 2023

Great talk on a very important topic and full of helpful and practical advice. Well delivered

Mark Junghanns at 14:41 on 4 Nov 2023

Interesting talk. Thanks for the reminder to keep the security.md file in mind.

Ben Ramsey at 15:18 on 4 Nov 2023

Great information. I’ve known about CVEs for a long while, but I never knew much of how the process worked. This real helped me have a better understanding of that process and the infosec world as a whole.

Ariane Dupaix at 15:39 on 4 Nov 2023

Great primer on CVE process and resources for us to review and utilize.

Steve Grunwell at 16:12 on 4 Nov 2023

Super informative and presented in a way that didn’t assume everyone was deep in the InfoSec space.