Vulnerability management programs exist to drive desired business outcomes. Period. In the case of Levi Strauss & Co., the desired business outcome is to sell more of the world’s original jeans. Last week it was my privilege to host a webcast with Steve Zalewski, Levi Strauss & Co. deputy CISO, to discuss what keeps him… Continue reading Creating a mature security scanner to sell more jeans
With all the vulnerability remediation suites and individual tools on the market, it can be hard to determine which features and components are essential, which are merely “nice to have”, and which are a waste of resources. We’ve sorted through the myriad products and come up with the following list of eight components… Continue reading Vulnerability Scanning as the First Step to Risk Remediation
For our day-to-day product deployment, we use Docker containers. Whenever a new piece of code is shipped to production, our CI/CD process creates several Docker images and pushes them to our private registry – standard deployment process.
Knowing what NOT to do can sometimes be just as helpful as knowing the right thing to do. Oftentimes, CISOs and Vulnerability Managers have plans and practices in place that actually make matters worse by focusing on the wrong things. Let’s review some of these mistakes so you can avoid them in your… Continue reading Exploited Vulnerabilities Drive Remediation Urgencies
The best way to share information about the risks associated with vulnerabilities is to quantify those risks, i.e. with metrics. The question is, which metrics? In order to communicate a cohesive vulnerability narrative, in this post we’ve grouped some of the more common metrics – with the aim of helping you leverage the most useful… Continue reading Evaluating Vulnerability Management Metrics that Matter Most
In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.