From the course: Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC
Intro to SSVC
- [Instructor] In 2019, researchers at Carnegie Mellon University and the US Government Agency for Cybersecurity, CISA, started to develop a better way to prioritize vulnerability remediation, given the limitations of severity scoring systems like CVSS. In 2020, CISA worked with CMU to develop SSVC, the Stakeholder-Specific Vulnerability Categorization framework. It's a decision tree model that's designed to guide organizations in responding to vulnerabilities. It's heavily used in the US government as well as state, local, tribal, and territorial governments, as well as critical infrastructure entities. SSVC allowed CISA to better prioritize CISA's vulnerability response and vulnerability messaging to the public. In fact, CISA used SSVC for its first publication of KEV vulnerabilities in 2021. CISA encourages every organization to use a vulnerability management framework that considers a vulnerability's exploitation status, such as SSVC. Next, we'll take a look at the four elements…