Mining Software Vulns in SCCM / NIST’s NVD– The Rocky Road to Data Nirvana

BSidesLV 2017

Presented by: Loren Gordon
Date: Wednesday July 26, 2017
Time: 10:30 - 10:55
Location: Ground Truth

Patch management for 3rd-party software can be a significant challenge. The raw data for effective vulnerability management is available in MS’ SCCM (software inventory) and NIST’s NVD (vulnerability database). However extracting the relevant information from complex, sometimes undocumented data structures poses significant challenges.

We set the stage first with a brief overview of SCCM / NVD data structures as well as a look at a (non-typical but interesting!) production environment. Then we’ll take a quick dive into data wrangling / Machine Learning fundamentals applied to this problem: feature extraction, choice of approach, algorithm choice and turning.

Once the technical challenges are resolved, the path to “Data Nirvana” can still be strewn with significant non-technical hurdles to overcome as well. We will discuss some practical “been there, done that” examples. Following a “Lessons Learned” summary, there will be a demo of the tool.

Loren Gordon

With over 25 years’ experience, Loren has done extensive stints at 2 large financial institutions, a major retailer, a world-class telco, a service bureau or two, and now Ubisoft (the greatest gaming company ever!). Loren has worked on everything from mobile phones, laptops and PCs through mainframes, out into the network / inside the data center / along the perimeter / and lost out in the cloud. Along the way, responsibilities have included Risk Analysis / Vulnerability assessments, (lots of) technical security architecture, Red Team lead, binary reversing, security production support, DFIR analyst. Loren is a generalist with a passion for all things technical security.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats