Collaborate Disseminate
In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the CNA communit… Continue reading Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements … Continue reading The effect of compliance requirements on vulnerability management strategies
The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations’ cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified. Meanwhile, Coalition’s 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit […]
The post What’s behind unchecked CVE proliferation, and what to do about it appeared first on Security Intelligence.
Continue reading What’s behind unchecked CVE proliferation, and what to do about it
Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn…. Continue reading Risk hunting: A proactive approach to cyber threats
A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that, in 2023, exploitatio… Continue reading Defenders must adapt to shrinking exploitation timelines
In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many… Continue reading Strengthening Kubernetes security posture with these essential steps
The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that … Continue reading EU adopts Cyber Resilience Act to secure connected products
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising f… Continue reading Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof… Continue reading Detecting vulnerable code in software dependencies is more complex than it seems
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in … Continue reading Trends and dangers in open-source software dependencies