GitHub Security Lab aims to make open source software more secure
GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by …
vulnerability disclosure
Companies should disclose cybersecurity risk management efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors. However, companies that …
Disclosing vulnerabilities to improve software security is good for everyone
Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, …
Why are some vulnerabilities disclosed responsibly while others are not?
EU’s cybersecurity agency ENISA has delved into the problematics of vulnerability disclosure and has released a report that addresses economic factors, incentives and …
Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent
Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as …
66.1% of vulnerabilities published through Q3 2018 have a documented solution
There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the high record reported last year at this time. The 16,172 vulnerabilities …
10,644 vulnerabilities disclosed in the first half of 2018
There have been 10,644 vulnerabilities disclosed through June 30th, according to Risk Based Security’s 2018 Mid Year VulnDB QuickView report. This is the highest number …
OpenEMR vulnerabilities put patients’ info, medical records at risk
A slew of vulnerabilities in OpenEMR allowed attackers to access random patients’ health records, view data from a target database, escalate their privileges on the …
Vulnerability research and responsible disclosure: Advice from an industry veteran
“Everything changes once you have to supervise and mentor and schedule and coordinate and keep in mind all the things others don’t. You often have to hold back your own …
Exploring the dynamics of the attacker economy
Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings – and they’re not the only ones. Conservative …
Hacker-powered security is reaching critical mass
HackerOne announced findings from the 2018 Hacker-Powered Security Report, based on over 72,000 resolved security vulnerabilities, 1,000 customer programs and more than $31 …
How to improve software vulnerability disclosure in Europe
As software gets embedded in more and more things we use every day, the problem of software vulnerability reporting and patching rises in importance. Unfortunately, only a few …