vulnerability management
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but …
Risk hunting: A proactive approach to cyber threats
Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, …
Defenders must adapt to shrinking exploitation timelines
A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 …
Strengthening Kubernetes security posture with these essential steps
In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through …
EU adopts Cyber Resilience Act to secure connected products
The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA …
Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional …
Detecting vulnerable code in software dependencies is more complex than it seems
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within …
Trends and dangers in open-source software dependencies
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are …
Managing low-code/no-code security risks
Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This …
Vulnerability prioritization is only the beginning
To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure …
How network segmentation can strengthen visibility in OT networks
What role does the firewall play in the protection of operational technology (OT) networks and systems? Many would say that it’s the defensive mechanism to protect that …
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every …