October 17, 2:30pm PT, Theater Room
What does working on a nuclear submarine and saving the life of a gunshot victim have to do with managing security bugs? Not much; until now. In order for a vulnerability management program to succeed in both the infrastructure and application domains, it makes sense to take some queues from these high-stress situations and think about communicating security vulnerabilities in ways that incentivize and motivate people to make good security choices. Taking a risk-based approach to vulnerability classification and coupling it with a realistic view of remediation is step one. Layering on the SBAR approach can help structure communications to help drive remediation within SLAs. This talk will lay out the SBAR philosophy and discuss how it has been implemented at Twilio to greatly reduce the number of open vulnerabilities across the enterprise.
Check out all of our other sessions.