Abstract

The Product Security Incident Response Team (PSIRT) is a critical part of keeping your IT infrastructure secure, by finding, fixing and reporting product vulnerabilities. But how do they function, and what do they see? We’ll go beyond the lawyer-approved response policies and SLAs and see how a mid-sized IT product company goes from vulnerability discovery to CVE number.

Learning Objectives:

1: Gain insight into the different maturity levels of vendor PSIRTs.
2: Understand how product vulnerability management affects supply chain security.
3: Improve your risk management by engaging more effectively with vendor PSIRTs.

Pre-Requisites:

Past experience with reviewing product vulnerability advisories would be helpful to understand context. Programming background in C, PHP and/or Python would help the examples make more sense.