2019 was a record year for OSS vulnerabilities
Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report. Top 10 …
vulnerability disclosure
Despite lower number of vulnerability disclosures, security teams have their work cut out for them
The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk …
FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure
The Forum of Incident Response and Security Teams (FIRST) has released an updated set of coordination principles – Guidelines for Multi-Party Vulnerability Coordination and …
Wormable Windows SMBv3 RCE flaw leaked, but not patched
Yesterday, when Microsoft released its regular Patch Tuesday fixes, Cisco Talos and Fortinet inadvertently(?) also published information about CVE-2020-0796, a …
Major vulnerabilities found in popular wireless presentation system
F-Secure consultants have discovered several exploitable vulnerabilities in Barco’s ClickShare wireless presentation system. Attackers can use the flaws to intercept and …
GitHub Security Lab aims to make open source software more secure
GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by …
Companies should disclose cybersecurity risk management efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors. However, companies that …
Disclosing vulnerabilities to improve software security is good for everyone
Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, …
Why are some vulnerabilities disclosed responsibly while others are not?
EU’s cybersecurity agency ENISA has delved into the problematics of vulnerability disclosure and has released a report that addresses economic factors, incentives and …
Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent
Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as …
66.1% of vulnerabilities published through Q3 2018 have a documented solution
There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the high record reported last year at this time. The 16,172 vulnerabilities …
10,644 vulnerabilities disclosed in the first half of 2018
There have been 10,644 vulnerabilities disclosed through June 30th, according to Risk Based Security’s 2018 Mid Year VulnDB QuickView report. This is the highest number …
