Vulnerability management News
July 07, 2015
The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.
June 26, 2015
RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.
May 12, 2015
Microsoft's May 2015 Patch Tuesday has made 2015 this biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.
March 25, 2015
Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.
Vulnerability management Get Started
Bring yourself up to speed with our introductory content
Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting. Continue Reading
Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing data on today's top IT threats to organizations. Continue Reading
AWS penetration testing must be done in both cloud and on-premises infrastructures. Cloud security expert Rob Shapland offers pointers for conducting a successful AWS pen test. Continue Reading
Evaluate Vulnerability management Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Every enterprise has its security vulnerabilities and some are easy to spot. The trick is how to prioritize and fix the flaws in the system. This is an increasingly difficult task for information security teams, and therefore the right vulnerability management tool is increasingly important.
This Buyer's Essentials is intended for those InfoSec pros considering purchasing a vulnerability management product. It explains the security problem and what available tools can do to alleviate those problems. It then highlights the key features corporate InfoSec pros should look for in their next vulnerability management tool, as well as some "nice to have" features. This Buyer's Essential also considers such issues as compatibility with existing security infrastructure and ease-of-management considerations. It offers technology buyers a "bottom line" assessment of what a new tool needs to be able to do and how best to evaluate vendor offerings. Continue Reading
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings. Continue Reading
Some companies are trying to head off information security glitches before they sign on the dotted line, with help from security officers. Continue Reading
Manage Vulnerability management
Learn to apply best practices and optimize your operations.
Vulnerability management in the cloud can be complicated. Expert Rob Shapland explains how to perform vulnerability scans in AWS under the shared responsibility model. Continue Reading
Is the PCI DSS a sufficient guideline for implementing an application security program? Should organizations take steps beyond the mandated PCI compliance checklist? Continue Reading
Authenticated vulnerability scanning may be just what your organization needs to complete its vulnerability management program. In this video, expert Kevin Beaver offers pointers for performing an authenticated vulnerability scan. Continue Reading
Problem Solve Vulnerability management Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
The open source Metasploit Framework is an essential tool to help enterprises detect new vulnerabilities. Michael Cobb explains why. Continue Reading
Today's enterprise app sec pro can be expected to work with as many as 200 programmers. Keeping up with the pace requires security automation. Continue Reading
The Internet of Things is a growing enterprise threat. Learn about the seven key IoT risks to prepare for before implementing an IoT policy. Continue Reading