Creating a mature security scanner to sell more jeans

Vulnerability management programs exist to drive desired business outcomes. Period. In the case of Levi Strauss & Co., the desired business outcome is to sell more of the world’s original jeans. Last week it was my privilege to host a webcast with Steve Zalewski, Levi Strauss & Co. deputy CISO, to discuss what keeps him…

Vulnerability Scanning as the First Step to Risk Remediation

With all the vulnerability remediation suites and individual tools on the market, it can be hard to determine which features and components are essential, which features are merely “nice to have”, and which are a waste of resources. We’ve sorted through the myriad of products and come up with the following list of eight components…

Docker Security Best Practices – Secure the Whales

For our day-to-day product deployment, we use Docker containers. Whenever a new piece of code is shipped to production, our CI/CD process creates several Docker images and pushes them to our private registry: a standard deployment process.

Exploited Vulnerabilities Drive Remediation Urgencies

Knowing what NOT to do can sometimes be just as helpful as knowing the right thing to do. Oftentimes, CISOs and Vulnerability Managers have plans and practices in place that can actually be making matters worse by focusing on the wrong things. Let’s review some of these mistakes so you can avoid them in your…

Evaluating Vulnerability Management Metrics that Matter Most

The best way to share information about the risks associated with vulnerabilities is via quantifying these risks – i.e. metrics. The question is, which metrics? In order to communicate a cohesive vulnerability narrative, in this post we’ve grouped some of the more common metrics – with the aim of helping you leverage the most useful…

Lower Cyber Risk with Threat and Vulnerability Management

In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.