Vulnerability Risk Assessment
- September 15, 2016
Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.
- July 18, 2016
Responsible disclosure wins as researchers roll out branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
- May 18, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- April 19, 2016
DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 08, 2016
Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.
- June 05, 2015
A new study claims social media may be a useful indicator of vulnerability risk and lead to more accurate CVSS scores and prioritization.
- May 21, 2015
A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.
- April 28, 2015
An open source threat model aims to be a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.
- April 13, 2015
Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.
- March 27, 2015
News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...
- July 17, 2014
New Ponemon Institute data shows enterprise executives rarely, if ever, talk with their security teams, and that threat modeling may be underused.
- September 03, 2013
Analysts expect security concerns to drive global risk management, but executives may need convincing.
- July 19, 2013
A study by Bit9 explains just how bad the Java problem really is: The most popular version has 96 severe vulnerabilities.
- March 04, 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.