Meltdown and Spectre – The Gifts That Keep On Giving

It’s been some time since the news of the Intel processor vulnerabilities dubbed Meltdown and Spectre broke. We wrote a blog on the initial disclosure and subsequent press frenzy on January 4th, and an update on January 9th covering additional aspects of the fallout. In the last month and a half, the news coverage has […]

RIP – You Will Be Missed

[Updated March 6, 2018] On February 22, Will Dormann tweeted that the main CERT Coordination Center (CERT/CC) website had been shuttered. Upon checking ourselves, we found the website now redirecting to the Software Engineering Institute at Carnegie Mellon, the parent group of CERT. As a 14-year veteran at CERT/CC, Dormann understandably had some feelings […]

7,900 Vulnerabilities In 2017 You Aren’t Aware Of May Put Your Organization At Risk

2017 sets all-time high for the number of disclosed vulnerabilities, according to Risk Based Security. RICHMOND, VA, January 26, 2018 — Risk Based Security today announced the release of the year-end VulnDB QuickView report that shows 2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged […]

Prioritization Of Vulnerabilities Requires Proper Intelligence

With well over 170,000 known vulnerabilities published and over 21,000 new disclosures in 2017, organizations must make constant risk decisions. The longer a decision on the best course of action is put off, the longer it takes for a control or patch to be implemented, increasing the organization’s Time of Exposure. Bottom line, there are […]

Risk Based Security and Privacy Ref Announce Partnership

Risk Based Security is pleased to announce a new partnership with Privacy Ref, a leading provider of information privacy services. The two firms are teaming up to offer their customers access to each other’s services. Privacy Ref customers will have preferred access to Risk Based Security’s suite of solutions while RBS customers will be able […]

Over 5,200 Data Breaches Make 2017 An Exceptional Year For All The Wrong Reasons

In an all too common refrain, 2017 claims the dubious record of the most breaches and most records compromised in a year. RICHMOND, VA, February 6, 2018 — Risk Based Security today announced the release of the 2017 Data Breach QuickView Report, showing that once again, the record has been broken for both the most […]

US Government Shuts Down And Leaves Organizations Worldwide Vulnerable

When it was first announced that the US Federal Government was shutting down, most people would admit their first thoughts were how this was going to impact them personally. Will the post office be open? What’s going to happen to many other government-run services? However, even though they should have, most people were not thinking […]

What You Don’t Know About The Vulnerability Ecosystem Can Lead To A Data Breach

I started working in vulnerability intelligence and running vulnerability databases more than 15 years ago. Recently, I paused to reflect on some of the changes to how vulnerabilities are being reported today versus at the beginning of my career. These changes greatly impact how I believe that organizations must deal with vulnerabilities reported in the […]

The Slow Burn of Meltdown and Spectre: Exploits, Lawsuits, and Perspective

Last week, we published our initial blog about the recently disclosed Meltdown and Spectre vulnerabilities. In that post we focused on the perils of rushing patches, attribution and the disclosure process, research collisions, and the impact on cloud offerings. In this update, we continue to examine higher-level aspects of the disclosures a week after the […]

Rushing Security Fixes, Organizations May Risk Self Imposed Meltdown

On the heels of a nightmare year for security, as most have heard by now, three unique new vulnerabilities were disclosed on January 3, 2018. The vulnerabilities have been given two codenames: Meltdown and Spectre. TL;DR: The new vulnerabilities are in microchip processors and affect just about every modern-day computing device, including desktops, cloud […]