Open Source Summit North America 2017

Vulnerability lifecycle management without automation is a huge burden. You have to constantly watch out for any new vulnerabilities and keep a manual inventory of installed software to determine which devices are affected by new vulnerabilities.

To overcome these challenges, Kota Kanbe wrote an open source vulnerability scanner called Vuls [ https://github.com/future-architect/vuls ].

Vuls tells you which servers and software are related to the newly disclosed vulnerabilities. Vuls can scan more accurately than other open source scanners using multiple detection methods including changelog, Package Manager, NVD, and OVAL, and it is possible to scan many servers at high speed by using the parallel processing in Go language.

In this session, Kota and Teppei will explain Vuls and how to use it in order to automate vulnerability lifecycle management.