New VulnDB Integration for ServiceNow Enables Better Vulnerability Response

The ServiceNow® Vulnerability Response application is a powerful way for organizations to track, prioritize and resolve vulnerabilities. However, depending on data from vulnerability scanning processes can add time to remediation activities and unnecessarily increase risk exposure. In addition, many of the sources of vulnerability data available for use within ServiceNow are incomplete, limiting visibility to […]

Software Vulnerability Management with Device42 and VulnDB

At Risk Based Security, we’ve always believed that one of the critical components of effective security is knowing your vendors and assets, understanding the threats and vulnerabilities that may impact those vendors and assets, and then using that data to prioritize mitigation actions. That’s why we’re excited to announce the VulnDB® integration into the Device42 […]

The Pains Of Vulnerability Coordination – And What To Learn From It

Some of the members of our Risk Based Security Vulnerability Research Team have been discovering and coordinating vulnerabilities for almost 20 years. Coordinating vulnerabilities can be painful at times, even if things overall have improved, especially when coordinating vulnerabilities with companies from the USA and most parts of the EU. These difficulties can be compounded […]

Critical Vulnerabilities Discovered in South Korean ActiveX controls

computer code on laptop screen

Many years ago, ActiveX was a popular technology. Unfortunately, too many ActiveX controls had a very low code maturity and were riddled with basic vulnerabilities like buffer overflows, or exposed unsafe functionality even if marked as “safe for scripting”. These allowed malicious websites to trivially compromise users’ systems. Today, ActiveX technology is considered obsolete and […]

Vulnerabilities disclosed during the first three months of 2019 reach a Q1 all-time high

RICHMOND, VA, May 16, 2019 — Risk Based Security today released the Q1 2019 Vulnerability QuickView Report. There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. CVSSv2 […]

Risk Based Security Announces New Integration with Recorded Future for Intelligence-Driven Vulnerability Management

Provides richer, more actionable vulnerability intelligence to improve risk mitigation RICHMOND, VA, May 1, 2019 — Risk Based Security, Inc., a provider of detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings, today announced a new partnership with Recorded Future, the leading threat intelligence company, to help joint customers more effectively […]

Vulnerability Fixes That Make You Go Hmm…

things that make you go hmmm...

The VulnDB research team processes a large number of vulnerability reports, exploits, and vendor advisories on a daily basis. Each report is scrutinized, classified and added to the VulnDB vulnerability database. They are enriched with important details like affected versions, requirements for exploitation, and sometimes even identifying incorrect fixes. The lack of available detail in […]

Blacklisting Limitations: Poor Cisco Fixes and Korean 0-days

Using blacklisting to fix vulnerabilities is rarely the right approach. That should not come as a surprise to anyone, and we all know variants of the saying: “The developer has to determine all cases of bad input; the attacker just has to determine the one that was missed.” Yet this does not stop vendors from […]

200,000th Vulnerability Added To VulnDB (And Why You Should Care)

VulnDB is the most complete and timely vulnerability intelligence available

RICHMOND, VA, March 29, 2019 — Risk Based Security today announced the addition of the 200,000th vulnerability to VulnDB, the preeminent database of vulnerability intelligence. This significant record highlights the scale of the security challenges faced by organizations, and the sheer volume of data that they need to be able to process. “With over 4,800 […]

More Than 22,000 Vulnerabilities Disclosed In 2018

Risk Based Security today announced the publication of its 2018 Year End Vulnerability QuickView Report, showing over 22,000 new vulnerabilities were disclosed during the year. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row. […]