On Vulnerability Prioritization and Scoring
I am starting my new research project for Q4 2011 (stepping briefly away from PCI DSS compliance): on vulnerability management. As I am going through existing Gartner coverage of the matter (tools,...
On Scanning “New” Environments
First, I want to thank my readers for a lot of insightful comments to my previous post: “On Vulnerability Prioritization and Scoring.” It helped me refine some of the key ideas for my current research...
On LARGE Scale Vulnerability Management
Vulnerability management is very easy, really. Get a scanner, scan a system, peruse the report listing all the flaws, then go and fix them. Done! Risk is presumably reduced and/or compliance is...
On Vulnerability Management and Clouds
This is about “clouds”, so everybody must read it. Specifically, this was inspired by this insightful LinkedIn discussion about large-scale vulnerability management where many notable VA/VM...
On PCI DSS and Scanning
PCI DSS and vulnerability scanning are maybe not brothers, but definitely close relatives. PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the...
My Vulnerability Assessment Paper Publishes!
One of the three vulnerability assessment papers I’ve been working on published today. “Vulnerability and Security Configuration Assessment Solutions Comparison” is an in-depth look at vulnerability...
My Vulnerability Assessment Technology Paper Publishes!
If you are done reading my “Vulnerability and Security Configuration Assessment Solutions Comparison”, time to start on the next opus grandioso. My “Vulnerability Management Practices and...
Patch Management – NOT A Solved Problem!
We again interrupt our regular programming (on network forensics and security data sharing this quarter) to delve into a subject much removed from the exciting world of APT fighting, “kill chain”...