

Josh Bressers
Longtime Open Source Security show host and moderator who guides conversations on open-source security topics and coordinates interviews with distro security teams.
Top 3 podcasts with Josh Bressers
Ranked by the Snipd community

May 6, 2025 • 53min
The Hidden Risks of Open Source Components - BTS #49
Josh Bressers, a supply chain and open source security expert at Anchore, dives into the intricate world of open source components. He discusses the pervasive challenges of managing vulnerabilities in legacy systems and the critical role of Software Bills of Materials (SBOMs). The conversation covers regulatory pressures around software liability and the automation needed to handle the increasing volume of CVEs. Josh also highlights innovative tools like Syft and Grype, emphasizing their importance in enhancing transparency and security in software development.

Aug 22, 2024 • 2h 59min
How do we patch the right things? - Josh Bressers - PSW #840
Josh Bressers, a knowledgeable figure in vulnerabilities and exploits, dives into the complexities of patch management. He discusses the limitations of tools like MITRE ATT&CK and CVSS in accurately prioritizing vulnerabilities. The conversation emphasizes the importance of context in patching decisions and addresses the challenges of tracking incidents that lack CVEs. Bressers shares insights on the balance between urgent patches and asset criticality, highlighting personal anecdotes that shed light on navigating the evolving cybersecurity landscape.

Mar 22, 2024 • 29min
S6E11: Josh Bressers & Dan Lorenc - Untangling the NVD Chaos
Experts discuss the drama around NVD and its impact on vulnerability management. They highlight concerns about lack of CVE enrichment and the grassroots effort to raise awareness. The podcast explores the underfunding and oversight of critical software ecosystem components. Future solutions from NIST/NVD, government, and industry are discussed to resolve the issue.