Risk Prioritization With SAST/DAST Symbolic Execution

I have a huge amount of unpatched vulnerabilities in my ICS. What should I patch when?

Susan suggests and describes novel technologies, like hybrid Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) Symbolic Execution with Confidence Scoring as a method that can provide risk prioritization with high certainty.

She explores emerging Machine Learning (ML) vulnerability analysis science approaches and how they can be applied by both expert and non-expert OT/ICS cybersecurity professionals.

Dale's note: What to patch when is a question many have tried to answer (including me with my ICS-Patch decision tree). I thought this approach might be new and interesting for many attendees.