(CS)²AI Online™ Seminar: Crying “Vulnerability”- Managing false positives

Register now at: https://attendee.gotowebinar.com/register/8555349883220651353?source=03222023meetupevent

False positives are the curse of the vulnerability detection world. Like the boy who cried “wolf” in Aesop's fable, a technology that cries “Vulnerability” where none exists (a False Positive) soon becomes ignored even when a real vulnerability (a True Positive) is present. False positives also waste valuable time, sending security teams on fruitless searches for vulnerabilities that don’t exist. And even when the vulnerabilities really are there, they may not be exploitable. It’s critical to know the difference between 1) false positive vulnerabilities, 2) true vulnerabilities that aren’t exploitable, 3) true vulnerabilities that are exploitable, and 4) vulnerabilities that are actively being exploited by attackers in the wild.

This talk will explore why false positives occur and the trade-offs between what data scientists call “precision” versus “recall.” We’ll then look at why vulnerabilities can be present but not actually exploitable. Finally, we’ll talk about how suppliers can share this vital information using Vulnerability Exploitability eXchange (VEX) documents to save their customers a world of pain. If you want to run an effective security program, don’t miss this presentation from industry veteran Eric Byres (https://www.linkedin.com/in/ericbyres/) and data science wizard Derek Kruszewski (https://www.linkedin.com/in/derek-kruszewski-p-eng-46bb4124/)

Please note that Meetup.com does not integrate your RSVP's with our meeting platform. Register now at: https://attendee.gotowebinar.com/register/8555349883220651353?source=03222023meetupevent

---------------------------------------------------------------------------------------------
## Certificates for Professional Development/Continuing Education Units (PDUs/CEUs) are available for all registered individuals who attend at least one hour of the event.

## All past seminars and symposiums are available to paid CS2AI.ORG members. Check out the Resources area of our website in the Members Portal https://www.cs2ai.org/

## If you're interested in speaking at a future (CS)2AI event, having your organization become a Strategic Alliance Partner, or engaging in any of the other ways available, please contact us on our https://www.cs2ai.org/get-involved

## Please note that (CS)2AI ONLINE events are provided free of charge as educational career development content through the support of our paid members and the generous contributions of our corporate Strategic Alliance Partners. Contact information used in registering for our directly supported seminars may be shared with sponsors funding those specific events. Unless noted on the Gotowebinar registration page, all events are open for direct funding support.