Continuous Compliance in the Age of AI for Critical, Large-Enterprise Products (C20b)
Managing vulnerabilities where AI has reduced zero-day exploits to hours and the chaining of multiple vulnerabilities resulting in hitherto-unconceived exploits presents a significant challenge. This talk puts forth a proposal to address Continuous Compliance under EUCC for large enterprise products used in critical infrastructure. Per EUCC/CRA guidelines, it segregates feature delivery from security updates; addresses detection/verification/remediation using all methods (including AI assisted tools), and addresses a pragmatic timely release and disclosure policy.
