Prioritization Archives

Prioritization

Get in-depth insights into CISA’s recent KEV ransomware alert. Learn about targeted vendors, exploited products and vulnerabilities with a focus on data and effective remediation strategies. Stay one step ahead of cyber threats.

Francesco Cipollone

Decoding Cybersecurity: Phoenix Security’s Data-Driven Vulnerability Analysis for Cybersecurity Awareness Month

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

Francesco Cipollone

Exploitability Pipeline Application Security Exploitability: A Deep Dive with a risk-based approach

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

Francesco Cipollone

OWASP Top 10 across the years: what are the exploited vulnerabilities

Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.

Francesco Cipollone

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Francesco Cipollone

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Dive into the world of vulnerability exploitability with insights from CISA KEV, enhanced by powerful data visualizations and a deep dive into dominant vendors.

Francesco Cipollone

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.

Francesco Cipollone

The Securities and Exchange Commission (SEC) proposed a report and consequences

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.

Francesco Cipollone

Understanding the 2023 CWE Top 25 Most Dangerous Software Weaknesses and application security patterns over the Years

🔒 Exciting research on software vulnerabilities! We analyzed CWE vulnerability scores and found fascinating insights into the evolving landscape of software security. Our study reveals positive trends and challenges in securing software systems. Check out our report! 💻🔬 #SoftwareSecurity

Francesco Cipollone

What is shift smart? Shift Smart: Risk-based approach to application security vulnerabilities

From Shift Left to Shift Smart leverage risk and context to prioritize vulnerabilities in risk-based methodologies leveraging contextual risk

Francesco Cipollone

CVSS V4, what’s new? What are the differences between CVSS 3.1 and 4

CVSS V4 has been related and has some improvement compared to CVSS 3.1. Some problem still remain but the new version is more flexible and geared to modern attacks. This post explores the new features

Francesco Cipollone

Category: Prioritization

Prioritization

Decoding Cybersecurity: Phoenix Security’s Data-Driven Vulnerability Analysis for Cybersecurity Awareness Month

Exploitability Pipeline Application Security Exploitability: A Deep Dive with a risk-based approach

OWASP Top 10 across the years: what are the exploited vulnerabilities

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

The Securities and Exchange Commission (SEC) proposed a report and consequences

Understanding the 2023 CWE Top 25 Most Dangerous Software Weaknesses and application security patterns over the Years

What is shift smart? Shift Smart: Risk-based approach to application security vulnerabilities

CVSS V4, what’s new? What are the differences between CVSS 3.1 and 4

Resources

Welcome to Peace of Mind

Subscribe Newsletters

ACT Now Platform

Use Cases

Resources

About us

Join our Mailing list!