Every August, thousands of cybersecurity professionals and top security minds descend upon Las Vegas to experience what has become one of the biggest weeks in the information security calendar. Dual conferences held back to back, Black Hat and DEFCON, provide a 360-degree view of today's security landscape. Tackling the issue of internet security from opposing angles, these two hacker events are among the oldest InfoSec conventions in the United States.

Founded in 1997 by Jeff Moss, Black Hat is a computer security conference that provides security consulting, training and briefings to hackers, corporations and government agencies around the world. Industry professionals share the latest research on vulnerabilities, defensive strategies and newly discovered hacking techniques.

DEFCON, which Moss previously founded in 1993, is typically held immediately after the Black Hat conference. Whereas Black Hat is much more business-orientated and is aimed specifically at CSOs and InfoSec security professionals, DEFCON is more informal and aimed at the hacker community. Think carnival atmosphere, hacking competitions and live attempted hacking of security systems. For example, at this year's event, a group of hackers used Netflix accounts to steal banking information, which became a worldwide news story. US government agencies also actively challenged hackers to find weaknesses in their systems. One of the most eye-catching events was a hacking competition based on automotive vulnerabilities. For winners, organisers of the Car Hacking Village offered up an almost new Tesla.

This year, Nova Leah teams were present at both Black Hat and DEFCON. Participating in these kinds of events gives members of our teams a better understanding of both defensive and offensive strategies in the cybersecurity space. Discoveries shared by researchers during keynote speeches, training sessions and demonstrations provide a real insight into the next generation of cyber security threats and are often one step ahead of cyber criminals. In this article, we share our insights and key takeaways from both events.

Black Hat Highlights

For Nova Leah, a huge majority of the Black Hat conference was spent interacting with industry colleagues, learning from medical manufacturers and introducing people to SelectEvidence(R), the first risk management tool in the world to deliver medical device compliance across multiple international standards. However, there were two keynote speeches that caught our attention and we wanted to highlight.

Transparency in the Software Supply Chain: Making SBOM a Reality

This 25-minute talk was held by Allan Friedman, Director of Cybersecurity Initiatives at the NTIA, US Department of Commerce. Friedman shared some initial results on a multi-stakeholder initiative launched by the NTIA. The Software Bill of Materials (SBOM) promotes transparency of what software components are being used across the entire device supply chain.

The motivation for SBOM is relatively simple. You wouldn't sell a nutritional product without sharing its ingredients or produce a piece of machinery without accounting for every component within it. So, why is there such limited visibility with regards to software, or so little impetus on software suppliers to track third-party dependencies? With this initiative, the NTIA is working towards a more uniform approach to transparent supply chain management. Industry experts are now convening on the viability of this idea and how it can be implemented without the need for government regulation.

One of the most fascinating talks of the week was delivered by data scientists Jay Jacobs of Cyentia and Michael Roytman of Kenna Security. The pair discussed the weaknesses of using the CVSS model for prioritisation. The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score. Ordinarily, only vulnerabilities with a score of 7 or above are addressed. By the presenters' estimation, this approach is only 5-7% efficient. Instead, they outlined the merits of an open prioritisation model. During the talk, Jacobs and Roytman showcased findings they gathered from tens of thousands of vulnerabilities, CVSS scores, CVE and NVD records, scraped mailing lists and collected data feeds. Their research ultimately delivered a few dozen data points that helped them to understand the probability of a vulnerability being exploited.

There is a whitepaper pending from these speakers which will be of interest to all medical device manufacturers and medical security professionals, particularly following the January 2019 publication of the Rubric for Applying CVSS to Medical Devices. That report provided guidance for how an analyst can utilise CVSS as part of a risk assessment for a medical device.