Exploit maturity: an introduction

IT Security teams know that fixing all vulnerabilities is impossible. The goal is not to fix everything, but to mitigate the cyber risk with the most impact. Exploit maturity helps us make sense of the most pressing threats by providing us with an understanding of the real risk posed by any given vulnerability. This white…

Secure coding best practices

Developers are essential players when it comes to delivering new products and features. But they are also integral to ensuring security within applications. Vulnerable code can easily open the door to greater cyber risk, and developers must stay vigilant and put security first. This isn’t an easy challenge given that they are understandably not cyber…

Vulnerability management – cloud and remote working

For many organizations, vulnerability management remains a big concern. Security teams are accountable, but not responsible, for much of the risk mitigation process, and struggle to communicate its importance to different teams and stakeholders. Migration to the cloud has not helped this. While identifying vulnerabilities has become more straightforward, fixing them and managing the cyber…

Mapping CVEs to the MITRE ATT&CK framework

As the cyber industry embraces and standardizes the MITRE ATT&CK framework, while at the same time understanding that vulnerability management by itself is not enough, we must combine both worlds and expand our visibility and perception of CVEs. This white paper explores how the Vulcan Cyber research team, also known as the “Voyager18” team, mapped relevant techniques to…

How organizations can avoid cyber negligence

Attack surfaces have never been bigger, and cyber security teams are quickly overwhelmed by a growing threatscape. It’s easy to fall into a trap of cyber negligence, reacting from one crisis to another. But this is an unsustainable, short-sighted approach. This white paper – based on a Remediation Summit session from Ryan Gurney (CISO-in-residence at…

Case Study: How Snowflake Gets Fix Done