The Death and Rebirth of Vulnerability Management

The year is 2025. We have successfully built a process that takes creative, complex, and innovative security research and turns it into the dullest workflow imaginable. Vulnerability management is now a checkbox feature in every major IT product suite. The few remaining first-wave vulnerability scanners have long-since shifted investments into adjacent markets to maintain their growth. Security teams struggle to piece data together from disparate tools. Aggregation products and a funnel-based prioritization process have become the norm, but attackers are still winning. There are a few bright spots on the horizon, but the path between here and there isn’t clear.

This session will dig deep into the state of vulnerability management and explore the effectiveness of modern tools at preventing real-world incidents. This will include an analysis of vulnerability coverage, detection methods, and their tradeoffs between traditional vulnerability scanners, endpoint-based vulnerability management, and the bleeding edge of open source security tools.