Risk assessments metrics and frameworks

  • January 20, 2006

    Security Blog Log: Oracle makes Microsoft look good

    Microsoft gets plenty of flak for slow patching, but this week bloggers say they'll take Microsoft's patch process over Oracle's any day.

  • January 12, 2006

    Dirty documents cause messy security situations

    What use are firewalls and intrusion prevention systems if insecure digital documents reveal all of an enterprise's best-kept secrets? That's the question many security experts are asking in the wake of several high-profile incidents in which ...

  • December 09, 2005

    CSOs say patch management tide is turning

    Security pros at this year's Infosecurity show say IT shops are getting better at patch management. But new threats are emerging, including flaws that never die.

  • December 05, 2005

    Review: New Hailstorm a viable in-house pen test option

    Cenzic's latest version weaves nicely with QA and development teams to test commercial and custom applications for vulnerabilities.

  • October 14, 2005

    Exploit code lurks following new Windows patches

    Windows IT managers work to apply critical fixes before exploit code that may have Zotob-like effects can harm vulnerable systems.

  • October 05, 2005

    Review: Hercules 4.0 provides ample control over vulnerabilities

    The latest upgrade to Citadel's vulnerability management suite includes a library with more than 23,000 vulnerability fixes.

  • September 14, 2005

    'Serious' security holes in Linksys router

    The wireless router has five flaws attackers could use to tamper with passwords and firewalls, install firmware and cause a denial of service.

  • September 02, 2005

    Symantec glitch could expose user names, passwords

    Symantec announced a fix for a flaw in AntiVirus Corporate Edition Friday afternoon. The security hole could be exploited to view user names and passwords.

  • July 27, 2005

    VeriSign raises stakes in battle for threat intelligence

    Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence.

  • July 07, 2005

    REVIEW: nCircle's IP360 especially helpful for Cisco shops

    nCircle's IP360 is a viable choice for enterprises challenged with gaining control over their security processes, particularly those invested heavily in Cisco security.

  • July 06, 2005

    Features added to Windows security checker

    Microsoft Baseline Security Analyzer 2.0 is the newest version of the software company's free vulnerability detection tool.

  • February 07, 2005

    Vulnerability mismanagement

    You're just plugging holes if you don't have the right processes and policies.

  • December 16, 2004

    Nessus no longer free

    Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.

  • December 14, 2004

    Outdated software is risky business

    The nation's IT landscape is loaded with antiquated software ripe for attack. But a new study suggests most companies don't plan to address the problem.

  • November 22, 2004

    Here, kiddie kiddie

    Exploiting vulnerabilities and capitalizing on configuration errors are the only ways a computer system can be hacked.