Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
Use Twitter as well as CVSS to prioritize security patches (theregister.com)
We knew this would require upending a stagnant VM market and forging a new category, ultimately known as Risk-Based Vulnerability Management (RBVM). We knew that once the market was ready for RBVM our customers would be the trailblazers, aligning around the shared vision of their entire organization working together to reduce cyber risk. And we knew that once we had demonstrated the results RBVM could achieve, we would change the way the entire world addresses vulnerability management.
RBVM is about to reach critical mass
Over the past decade, we have not only defined and created the RBVM category but also established Kenna as a clear leader, which is a very rare accomplishment. And the best part is that our customers are demonstrably more secure as a result.
Inside New York City’s Cyber Command. Despite debate in the threat intel community, a new study finds that publishing exploits before patches are available does more harm than good. (New York University)
A new study quantifying the benefits and dangers to security when exploits are published before patches found a lot of the latter and little of the former.
There is a counterintuitive debate over whether researchers or criminals releasing exploit code as soon as a vulnerability is discovered is actually beneficial. Advocates believe that posting exploits helps in penetration testing, provides an incentive to patch and generally makes a vulnerability seem more tangible. Detractors note that exploit code can be reappropriated by hackers, including those who otherwise may not have the ability to generate the code themselves.