vulnerability management
What it really takes to build a resilient cyber program
In this Help Net Security interview, Dylan Owen, CISO at Nightwing, talks about what it really takes to build an effective defense: choosing the right frameworks, setting up …
Review: Effective Vulnerability Management
Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the …
Investing in security? It’s not helping you fix what matters faster
Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, …
Securing digital products under the Cyber Resilience Act
In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in …
Microsoft vulnerabilities: What’s improved, what’s at risk
Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the …
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal …
94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix …
Only 2-5% of application security alerts require immediate action
The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark …
Critical vulnerabilities remain unresolved due to prioritization gaps
Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures …
Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, …
Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges
In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. …
The effect of compliance requirements on vulnerability management strategies
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing …
Featured news
Resources
Don't miss
- Attackers target retailers’ gift card systems using cloud-only techniques
- Attackers turn trusted OAuth apps into cloud backdoors
- Life, death, and online identity: What happens to your online accounts after death?
- OpenFGA: The open-source engine redefining access control
- For blind people, staying safe online means working around the tools designed to help