Madness of Vulnerability Management in Modern Cloud, Container, How to Win the Battle...
CVE/FIRST VulnCon 2025 · Main Stage
The rapid adoption of cloud-native architectures, containers, and open-source components has profoundly transformed the landscape of vulnerability management, escalating its complexity to unprecedented levels. This talk, delivered by industry veterans Franchescoon "Franks" and James, delves into the "madness" of current vulnerability management practices, arguing that traditional, CVE-centric approaches are no longer effective. They contend that the sheer volume and dynamic nature of vulnerabilities in modern environments necessitate a radical shift towards a more intelligent, context-aware, and threat-centric strategy.
AI review
A competent practitioner talk on cloud-native vulnerability management that accurately diagnoses real operational pain — scanner sprawl, ephemeral asset ownership, CVSS theater, developer fatigue — and proposes a coherent multi-dimensional prioritization framework. The speakers clearly live in this problem space daily, and the 'four horsemen' construct (attribution, lineage, traceability, code-to-cloud reachability) is a useful organizing frame. The problem is this is essentially a well-packaged articulation of ideas the industry has been converging on for 2-3 years: EPSS + KEV +…