Three SCADA Vulnerabilities Disclosed

As part of research projects, product assessments, and vulnerability analysis done for our VulnDB service, Risk Based Security occasionally discovers new vulnerabilities. Recently, our Chief Research Officer, Carsten Eiram, published our first three vulnerability reports. All cover vulnerabilities in high-profile SCADA products from two major vendors: Rockwell Automation and Schneider Electric. The vulnerability coordination was [...]

Security-Bug Rating System Gets A Makeover

In an open letter to FIRST, our own Chief Research Officer, Carsten Eiram, and Brian Martin of the Open Security Foundation discussed many of the concerns with CVSS. Recently, Carsten spoke with Rob Lemos from Dark Reading about CVSS and was quoted in his article “Security-Bug Rating System Gets A Makeover”. “It is a grand goal to have [...]

Carsten Eiram Comments On Java’s Security Problems

Carsten Eiram was recently quoted in the InfoWorld article “Java’s security problems unlikely to be resolved soon, researchers say”. “It’s difficult to say what has been going on internally at Oracle for the past years, but based on an external impression I feel they could have reacted sooner,” said Carsten Eiram, chief research officer at consulting firm [...]

CVSSv2 Shortcomings, Faults, and Failures Formulation

Risk Based Security’s own Carsten Eiram, along with Brian Martin from the Open Security Foundation, wrote an open letter to FIRST regarding the upcoming Common Vulnerability Scoring System (CVSS) version 3 proposal. While they were not formally asked to provide input, given their expertise in managing vulnerability databases, along with their daily use of CVSS, they felt the feedback [...]

Risk Based Security Partners With AIG For CyberEdge iPad App

Risk Based Security is pleased to announce our partnership with AIG on their newly released CyberEdge iPad app. The free app was created by AIG to provide policyholders, insurance professionals and risk managers with news, events and up to the minute data breach information. One of the key features of the app is the Data [...]

2012 Sets New Record for Reported Data Breaches

Risk Based Security’s 2012 Data Breach QuickView report, now available for download, shows that 2012 broke the previous all-time record for the number of reported data loss incidents. With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011). On a slightly positive note, although the number of [...]

Carsten Eiram Comments On cURL Vulnerability

Carsten Eiram provides his insight to ITWorld in the article “Critical vulnerability in cURL library could affect large number of applications”. “I don’t expect that many applications use these options to limit exposure – at least not before this discovery,” Carsten Eiram, chief research officer at security firm Risk Based Security, said Friday via email. This will [...]

Everything is Vulnerable – Even Security Software!

Carsten Eiram posted “Everything is Vulnerable – Even Security Software!” on the OSVDB blog: A week ago, I read an interesting blog post by Jeremiah Grossman of WhiteHat Security titled “201x: The Year of the Security Industry Breach”, which discussed that security software may be the next big target for attackers to focus on. Some great points are [...]

Carsten Eiram Discusses New Firefox PDF Viewer

Carsten Eiram is quoted in the ComputerWorld article “Firefox adds built-in HTML5-based PDF viewer to improve security”: “From a technical standpoint I find it very interesting that they are creating a PDF viewer that utilizes the existing capabilities of the browser,” Carsten Eiram, the chief research officer at security consultancy firm Risk Based Security, said [...]

Risk Based Security appoints Carsten Eiram as Chief Research Officer

RICHMOND, VA, December 4, 2012 — Risk Based Security, Inc. today announced that it has appointed Carsten Eiram as Chief Research Officer (CRO). The appointment of Mr. Eiram, a leading vulnerability researcher and reverse engineer, signals a strategic focus on software vulnerability research to drive new product development and improvements in existing solutions. As CRO, [...]