Security Bsides Las Vegas 2024

Mário Leitão-Teixeira

I work in AppSec at Checkmarx. I hear 'vulnerability' daily, and I'm never sick of it. I dub myself a 'self-certified idiot' because I love learning and hatching ideas. So much so that I've made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. That results in learning about critical vulnerabilities before they become widely exploited, and we knew about CVSSv4 before it was cool.
Well, version 4 isn't cool yet, but in the meantime, I've researched and come up with this talk. Why? It's cool, CVSS is still widely adopted, and it has many limitations. If you give me a chance, I would like to bring it forward as 'food for thought'.
I haven't been given the chance to win a 'Best Speaker' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I'm also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year? Check.
Beyond the keyboard, you can catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.

Full bio: https://bit.ly/3SShO1C


Session

08-07, 10:30 (25min)
CVSS v4 – A Better Version of an Imperfect Solution
Mário Leitão-Teixeira

Common Vulnerability Scoring System (CVSS) is the global go-to standard for attributing criticality scores to vulnerabilities. In this talk, I will explore the latest iteration of CVSS (version 4) and its adoption in the universe of application security. I will talk about its role in vulnerability risk management and how it's critical for prioritizing risks. I will highlight some ever-enduring challenges, how to optimize scoring effectiveness to overcome some of those challenges, and play with ideas for an effective solution within the broader context of cybersecurity. I aim to engage with a diverse audience, offering insights into the evolving landscape of vulnerability assessment and inspiring discussion on the future development of the vector for proper risk management, with the idea of leaving some open questions for the future.

Track: Proving Ground
Room: Firenze