What a time to have this conversation! Mere days after the near-certain shutdown of the CVE program, averted only at the eleventh hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them.
Vulnerability management is very much a hot mess at the moment, for many reasons. Even with perfectly stable support for the institutions that catalog and label vendors' vulnerabilities, we'd still have some serious issues to address, like:
- disconnects between vulnerability analysts and asset owners
- gaps and issues in vulnerability discovery and asset management
- different options for workflows between security and IT: which is best?
- patching it like you stole it
Oh, did we mention Matt built an open source vuln scanner?
Matt Toussain is a recognized leader in offensive security, penetration testing, and cybersecurity training. As the founder of Open Security, he has built a firm dedicated to real-world adversarial testing, red teaming, and advanced security education. A former U.S. Air Force cyber warfare leader, Matt has spent over a decade at the cutting edge of cybersecurity, specializing in network exploitation, adversarial tactics, and threat analysis.
Matt is also the creator of Sirius, a tactical cybersecurity vulnerability scanner developed over five years. His work is widely respected in the industry for its technical depth and practical applicability, bridging the gap between security theory and real-world execution.
Through Open Security, Sirius, and his contributions to the cybersecurity community, Matt continues to push the boundaries of offensive security, equipping security professionals with the knowledge and tools to counter evolving threats.