Vulnerability Management in Software: Before Patch Tuesday

Thursday, July 16, 2015

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

Vulnerability Management in Software: Before Patch Tuesday - by Kymberlee Price
Vulnerability Risk Management 2.0 - by NopSec

The Secure Development Lifecycle (SDL) does not end when a product releases. Implementing SDL practices during design and development will improve your software quality but will never make it perfect; vulnerabilities will continue to be identified in your code or in the third-party libraries that ship in your product. How you handle those vulnerabilities is crucial to the security of your customers (and can keep your company from ending up on the news for the latest 0-day). Learn about current vulnerability trends, practices and tools that can help developers, security response teams, and network administrators understand and effectively mitigate risk in their environments, and how to measure and report on vulnerability management KPIs to leadership, all without requiring a data science degree.

Kymberlee Price

Kymberlee Price, Bugcrowd, has over 12 years of experience in the information security industry. Kymberlee pioneered the first security researcher outreach program in the software industry. Price was later a principal investigator in the Zotob criminal investigation and analyzed APTs at Microsoft. She then spent 4 years investigating product vulnerabilities in BlackBerry's Security Response Team, followed by an offensive security role as the Director of the Synack Red Team. Today she is responsible for directing the efforts of Bugcrowd's global team of more than 16,000 security researchers, optimizing vulnerability reporting performance for customers and researchers, and aiding 'the Crowd' with ongoing skill development and overall success in Bugcrowd programs.

Sponsor Presenter:

Steve Garrett

Steve Garrett is Director of Product Management at NopSec, where he brings nearly 20 years of experience overseeing product roadmap development, technology implementations, and Total Customer Experience programs across the information security industry. Prior to NopSec, Steve led product management for RSA's SIEM, Network Forensics, and Incident Detection technologies. He holds a B.S. from the University of Texas.
