Conveners
Vulnerability Management: Manage Your Vulnerabilities Before They Manage You
- Andrea Kropacova (CESNET)
Description
Vulnerability Management is a complex process that consists of continuous, repeated identification, assessment, management and reporting of identified vulnerabilities and potential sources of threats and their correction. But it is also about new approaches based on the division of tasks and roles within SW development and application operation, the use of programs based on the Coordinated Vulnerability Disclosure principle, and the use of available and interesting services. And that is what we will focus on in this section.
-
Jessica Schumacher, Joost Gadellaa08/04/2025, 15:30PresentationSingle Presentation (25 min)
What is it about?
Go to contribution page
As NRENs we have the next generations of security experts just one arm length away. At SURF and Switch, we engaged students and university employees in a meaningful way while benefiting educational institutions at the same time. Our concept is simple: bring them together with institutions that volunteer as a target to have them find vulnerabilities in the institutions... -
Rodrigo Facio de Paula08/04/2025, 16:00PresentationSingle Presentation (25 min)
This presentation proposal aims to showcase to the TNC community how we are improving the information security culture and engaging stakeholders in more effective vulnerability management within our DevSecOps process.
To achieve this, we have developed a vulnerability management process with three layers: operational, tactical, and strategic. Each layer controls the one below it, allowing...
Go to contribution page -
Mr Andreas Kyriakou, Aristos Anastasiou (CYNET), Jeroen Wijenbergh, Zoe Fischer08/04/2025, 16:30PresentationSingle Presentation (25 min)
As NRENs or in general organizations grow it can be harder and harder to get a good overview of the total digital infrastructure. You can compare it to the form of an iceberg. Most organizations are aware of a part of their infrastructure (above sea-level); however, a large part of the infrastructure is not mapped out well or not even known by the IT department (below sea level). Furthermore,...
Go to contribution page