What are software vulnerabilities?
Common Vulnerabilities and Exposures
What is the NIST definition of software vulnerabilities?
CVSS
Common Weakness Enumeration
Known Exploited Vulnerabilities
CVE, CWE, and KEV
What we’re up against
Prioritizing your remediations
CISA’s KEV Catalog
CVSS metric – Attack Vector
CVSS metric – Attack Complexity
CVSS metric – Privileges Required
CVE priority
Starting with vulnerability scans
Making it fun
In the cloud
Securing your code
IaC
SAST
DAST
IAST
Software composition analysis
OWASP
Summary