How to fix the zero day CVE-2022-22620 vulnerability

On February 10, Apple released an urgent update for iOS, iPadOS and macOS to fix the dangerous zero-day CVE-2022-22620 vulnerability. While Apple does not disclose vulnerabilities until after they have completed their research and most users have patches in place, they recommend updating devices as soon as possible. Meanwhile, CISA have ordered federal agencies to…

Looking Back at 2019’s Nastiest Software Vulnerabilities

As 2019 draws to a close, we want to look back at the year’s biggest security breaches. Some we chose because of the damage they caused, others because of how easily they could have been avoided, just by using stronger passwords or paying attention to warnings. Even the more complex ones could have been prevented…

The Staggering Growth in Vulnerability Disclosure, 2010 – 2018

With the end of the year, it’s prime time to reflect on vulnerability trends since the start of the decade.

A Closer Look at Vulnerability Disclosure Policy

While technology companies aim to ensure that their products are watertight, the fact of the matter is that security vulnerabilities are discovered. But how they deal with these discoveries varies considerably. The question is: should technology vendors keep vulnerabilities quiet or make them known?