Full Segment Notes
Drowning in CVEs? Learn why traditional vulnerability management fails and how reducing attack surface, prioritization, and minimal container images can dramatically improve real risk reduction.
Thank you to our sponsor for this webcast, Minimus!
Still chasing thousands of vulnerabilities? Learn how modern security teams are reducing risk at the source: register for upcoming webcasts at https://scworld.com/webcasts
Key Moments
- 0:00 - Introduction & Topic: Risk vs CVEs
- 02:30 - Why Vulnerability Volume Is Exploding
- 05:00 - Containers vs Traditional Patching
- 07:30 - Dev vs Security Friction Explained
- 10:30 - Why Only 10% of Vulnerabilities Get Fixed
- 13:00 - Prioritization, Exploitability & Reality
- 16:00 - Why CVSS Alone Isn’t Enough
- 18:30 - The Problem with “Noise” in Security
- 21:00 - Rethinking Vulnerability Management
- 23:00 - Minimus Approach: Minimal Containers
- 25:30 - Reducing Attack Surface at the Source
- 27:30 - Mean Time to CVE Explained
- 30:00 - Why Less Software = Less Risk
- 32:30 - Developer Experience & Better Signal
- 35:00 - Real Example: Faster Patch Turnaround
- 38:00 - Hardening vs Reduction Explained
- 41:00 - Why Old Vulnerabilities Keep Reappearing
- 44:30 - Dependency Hell & Supply Chain Risk
- 47:30 - How Adoption Actually Works
- 50:00 - Security + Dev Collaboration Model
- 52:00 - Key Takeaways & Final Thoughts
