Loading…
Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 6 June 2018
  • Workshops will be held on 5 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here.
Back To Schedule
Wednesday, June 6 • 13:30 - 14:00
CVSS - The Good, The Bad and The Ugly.

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Human nature looks for shortcuts and can lead to “lets focus on the critical and high vulnerabilities then we may be able to fix the others later” which is a classic cause of technical debt.  From a simple logic perspective this makes sense but fails to address chained vulnerabilities that represent a high or critical vulnerability, but individually are less impactful.  CVSS scoring has its place, but its not a pure numbers game when it comes to securing your systems, you need to think more like a hacker in defending your information.
 
At MoJ I break things and find out how secure systems really are, in Feb 17 I found a high severity vulnerability in a high end Cisco data centre device.  This was a CVSS8.8 but became several low risk vulnerabilities when disclosed to Cisco through responsible disclosure.

Speakers
avatar for Greg Smith

Greg Smith

Ministry of Justice
Greg currently works as for the Ministry of Justice where he is employed as a Senior Security Engineer within the Digital & Technology team, working closely with other government departments including GDS & NCSC. His role encompasses penetration testing, security monitoring and implementation... Read More →


Wednesday June 6, 2018 13:30 - 14:00 BST
Track 3 (upstairs) ILEC Conference Centre 47 Lillie Road London SW6 1UD