Vulnerability Management is Broken (Here’s How to Fix It) – WC #1

Full Segment Notes
Key Moments
  • 00:00 - Introduction: Why Vulnerability Management is Broken
  • 02:30 - What “Vulnerability Management” Really Means Today
  • 05:00 - CVEs vs Real-World Risk (Huge Gap)
  • 08:00 - Why Most Vulnerabilities Don’t Matter
  • 10:00 - EPSS, CVSS, and Broken Prioritization
  • 13:00 - The First Scan Problem (Millions of Findings)
  • 16:00 - Why Your Scanner is Missing Half Your Environment
  • 18:30 - Auth Failures = Your Biggest Risk
  • 21:00 - Default Credentials & “Invisible” Vulnerabilities
  • 24:00 - Why Pentests and Scanners Don’t Overlap
  • 27:00 - How Attackers Actually Get In
  • 30:00 - Only a Few CVEs Actually Matter
  • 33:00 - The “Too Much Data” Problem
  • 36:00 - Risk-Based Vulnerability Management (Flaws)
  • 39:00 - Asset Visibility is Everything
  • 42:00 - Finding Unknown Assets (Real Techniques)
  • 45:00 - External Attack Surface vs Internal Reality
  • 48:00 - Intel-Driven vs Scan-Driven Security
  • 51:00 - Rapid Response vs Traditional Scanning
  • 54:00 - How to Tell If Your Program is Broken
  • 57:00 - Final Takeaways: What Actually Works
