Efficient Vulnerability Management in Hierarchical Supply Chains
CVE/FIRST VulnCon 2025 · Main Stage
In an increasingly interconnected world, where software supply chains grow in complexity and depth, managing vulnerabilities efficiently has become a critical challenge for organizations of all sizes. This talk, presented by Toby and Tom KD from Siemens, delves into the intricate problems faced by a global industrial giant in maintaining security across its vast and diverse product portfolio. Siemens, known for developing everything from embedded industrial controllers to SaaS solutions and operating critical infrastructure, grapples with an exponential increase in reported vulnerabilities and the complexities introduced by nested dependencies.
AI review
Two Siemens practitioners sharing genuine operational experience from inside one of the world's most complex industrial supply chains. The problem framing is honest and the architectural thinking is grounded in real pain — product mapping as ground truth, adapted SBOMs as routing mechanisms, the contextual CVSS re-rating problem. None of this is novel to anyone who's thought hard about supply chain vulnerability management, but it's not marketing fluff either. It's a credible case study from people who clearly live this problem daily, held back by the absence of any implementation detail…