BSides Charm 2026
BSidesCharm is a regional Security BSides held in the Baltimore region of Maryland
BSidesCharm is a regional Security BSides held in the Baltimore region of Maryland. It operates under the umbrella principles of Security BSides as a larger community project within information security. BSides aims to offer small, intimate events where all participants can engage each other to help develop connections, friendships, and network with different industry professionals.
Caleb Kinney will present on “Why Vulnerability MTTR Alone Misleads: Add MOVA to Measure Real Risk”.
Description: Teams celebrate when their Mean Time to Remediate (MTTR) drops until it suddenly spikes after fixing old vulnerabilities. That looks like failure, but it’s actually progress and exposure went down. MTTR measures how quickly work closes, not the health of what remains open. Mean Open Vulnerability Age (MOVA) fills that gap by showing the average age of open vulnerabilities at a given point in time, revealing true backlog risk.
This talk defines MTTR and MOVA in clear, practical terms and walks through a simple simulation comparing two common fix strategies: newest-first and oldest-first. MOVA brings that missing dimension by translating backlog health into data leaders can act on. Attendees will see why MTTR alone can mislead, how MOVA exposes hidden risk, and how combining both metrics gives security teams and leaders a more accurate picture of progress and exposure.
