Building Effective Vulnerability Risk Scoring Systems
2023-11-04 , TRACK 1

Vulnerability prioritisation calculations and scoring systems have been dominated by proprietary cyber security companies that want to sell their products with little explanation to how their systems work. By discussing and publishing openly available approaches and methodologies for everyone to source and calculate the risk of their vulnerabilities, the cyber security space will greatly benefit from further collaboration and access to affordable vulnerability management software. This talk aims to cover the current state of vulnerability risk scoring, highlighting its flaws, and then presenting an open methodology for empowering everyone to build their own bespoke vulnerability risk scoring systems.

Harri Renney holds a PhD in Computer science from the University of the West of England. Since graduating, Harri has worked for Kaze Consulting Ltd where he works with clients to implement innovative technologies backed by evidence based research into their organisations.