vulnerability management

Review: Effective Vulnerability Management
Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the …

Investing in security? It’s not helping you fix what matters faster
Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, …

Securing digital products under the Cyber Resilience Act
In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in …

Microsoft vulnerabilities: What’s improved, what’s at risk
Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the …

Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal …

94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix …

Only 2-5% of application security alerts require immediate action
The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark …

Critical vulnerabilities remain unresolved due to prioritization gaps
Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures …

Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, …

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges
In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. …

The effect of compliance requirements on vulnerability management strategies
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing …

NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but …