CWE top 25 most dangerous software weaknesses in 2022 – what they mean

As application development accelerates, so must security within this environment. Fortunately, there are many tools and resources to help security teams navigate the increasing threatscape of application security, not least from MITRE, who have released their latest list of software vulnerabilities. Here’s everything you need to know about the 2022 CWE top 25 most dangerous…

First officer’s log – week 1

First Officer’s log, Terrestrial date, 05232022. Officer of the Deck reporting. We’ve had another active week, with several stories getting our attention and the following are four of the most interesting.

CISA’s CVE backtrack

What happened

CISA has temporarily removed CVE-2022-26925 from the Known Exploited Vulnerability Catalog due to some unforeseen issues when it’s deployed…

CISA and NIST compile ominous vulnerability reports

Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new directive requiring federal agencies to patch known exploited vulnerabilities within specific timeframes. With this directive, CISA also published the Known Exploited Vulnerabilities Catalog. While a welcome move, these vulnerability reports are not enough on their own to change the cyber risk status…