|Organizers||Sherif Mansour Sherif Mansour , Steve Springett Steve Springett , Orid Ahmed Orid Ahmed|
Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/291298605
Or iPhone one-tap : US: +16699006833,291298605# or +16468769923,,291298605# Or Telephone: Dial(for higher quality, dial a number based on your current location): US: +1 669 900 6833 or +1 646 876 9923 Singapore: +65 3158 7288 United Kingdom: +44 (0) 20 3695 0088 or +44 20 3051 2874 Meeting ID: 291 298 605 International numbers available: https://zoom.us/u/ekps90NHw
And it is 4:00 pm
Sources of vulnerability intelligence, such as the National Vulnerability Database, are used throughout the industry and are an essential datasource for many commercial and open-source projects. From a software security perspective, the data available is often not adequate to identify A9 - Using Components with Known Vulnerabilities.
This is a working session between OWASP leaders and representatives of MITRE, NIST, and other agencies to discuss the current state of vulnerability intelligence, gaps in various areas, and ideas for future improvement.
Advances in bill-of-material formats, such as CycloneDX have taken a security-first approach, and efforts to combat vastly different ways to identify a component and its place in its respective ecosystem have resulted in the PackageURL specification. These specifications are used throughout OWASP Dependency-Track.
Short presentations will be given that cover the various areas to “level-set” the working group and provide a common base of understanding in which to work from.
This session seeks to achieve collaboration between the various parties and produce ideas for future improvement and innovation.
Register as participant
To register as participant add
Vulnerability Intelligence Working Group to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions