BoF: Automating Vulnerability Scanning with Vuls
Talk Title | BoF: Automating Vulnerability Scanning with Vuls |
Speakers | Teppei Fukuda (Security Engineer, Future Architect, inc), Kota Kanbe (Senior Architect, Future Architect, inc) |
Conference | Open Source Summit North America |
Conf Tag | |
Location | Los Angeles, CA, United States |
Date | Sep 10-14, 2017 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Vulnerability lifecycle management without automation is a huge burden. You have to constantly watch for new vulnerabilities and keep a manual inventory of installed software to determine which devices are affected by them. To overcome these challenges, Kota Kanbe wrote an open source vulnerability scanner called Vuls [https://github.com/future-architect/vuls]. Vuls tells you which servers and software are related to newly disclosed vulnerabilities. Vuls can scan more accurately than other open source scanners by using multiple detection methods, including changelogs, the package manager, NVD, and OVAL, and it can scan many servers at high speed by using parallel processing in the Go language. In this session, Kota and Teppei will explain Vuls and how to use it to automate vulnerability lifecycle management.