Srivenkata Gantikota

Vulnerability Remediation Workflows

Abstract:

In modern software development, security vulnerability management is often less a technical challenge and more a workflow problem. A single release cycle can generate over a thousand findings across SAST, DAST, dependency scanning, and penetration testing — far more than any team can realistically remediate without burning out or breaking trust with engineering.
In this talk, I will walk through the end-to-end vulnerability remediation workflow that separates programs that survive from those that collapse. I will cover practical triage strategies that eliminate noise at scale, severity assignment models that reflect operational reality rather than raw CVSS scores, and developer assignment practices that preserve the relationship between security and engineering teams. I will also address the verification gap — why "marked fixed" is not the same as "actually fixed" — and how automation closes it. Finally, I will discuss risk acceptance as a legitimate workflow path, and the reporting metrics that drive the right behaviors without creating perverse incentives.
The core argument is simple: the tooling is commodity. What determines whether a vulnerability management program lasts is whether the workflow respects the people doing the work.

Profile:

I am a software developer and published researcher with a distinguished record across academia and industry. I currently serve as a Software Developer at UC San Diego's IT Department, where I oversee mission-critical financial aid applications that directly impact thousands of students — bridging the gap between rigorous engineering and real-world institutional impact.
I am a prolific contributor to the IEEE community, having authored papers across multiple IEEE conferences and journals, and have served as a reviewer and judge for numerous conference submissions.I am also a Fellow of THREWS reflecting my long-term commitment to advancing technical research.I hold a patent on User Performance Analysis and Correction for Software Systems, a framework addressing how software can intelligently detect, analyze, and respond to user behavior to improve outcomes and efficiency.
As an keynote speaker, I look forward to sharing insights drawn from decades of hands-on experience in software development, academic research, and innovation — exploring how performance-aware systems are shaping the next generation of intelligent software.