Details

Join us for the inaugural OWASP Vulnerability Management Guide (OVMG) group meeting where we cover some CVEs that dominated the 2022 headlines, dive into "Untangling The Web of Software Dependencies" with Theresa Mammarella, and walk through the OWASP Vulnerability Management Guide as first timers.

The OVMG meeting agenda:

  1. CVEs that dominated the 2022 headlines: Follina, Chrome zero-days, OpenSSL vulnerabilities, Citrix vulnerabilities, Log4j, and CVE-2022-24521 (Cuba ransomware). Presenter: Elizabeth Frenz. (10 min).
  2. Open source components make up a staggering 90% of the code in modern applications. Given the software industry’s heavy reliance on open source projects, it’s increasingly important to choose well-maintained, community-based components to better withstand unpredictable disasters, such as last year's Log4Shell vulnerability. During this session we'll discuss the modern software security landscape, the software supply chain, and best practices for dependency management. Presenter: Theresa Mammarella. (20 min).
  3. How to start with the OWASP Vulnerability Management Guide when you do not yet have an established vulnerability management program. Walkthrough led by OVMG author Elizabeth Frenz (15 min).
  4. The working group moderator, Zoe Braiterman, will lead a Q&A session. (15 min).

Further Information on the OWASP Vulnerability Management Guide:

- Project page: https://owasp.org/www-project-vulnerability-management-guide/
- PDF version: https://owasp.org/www-project-vulnerability-management-guide/OWASP-Vuln-Mgm-Guide-Jun05-2020.pdf
- GitHub repository: https://github.com/lizfrenz/owasp-vuln-mngmnt
