VulnDB Add-On for Splunk Brings Best Vulnerability Intelligence To Risk Based Security and Splunk Customers

Risk Based Security (RBS), a provider of detailed information and analysis regarding Vendor Risk Ratings and Vulnerability Intelligence, is pleased to announce the launch of our latest VulnDB integration option. The VulnDB Add-On for Splunk helps customers easily integrate data from Risk Based Security’s VulnDB service into Splunk software. The VulnDB Add-On for Splunk assists Splunk® Enterprise and […]

Leaping Forward – Risk Based Security & JFrog Launch 2019 With A New Partnership

Risk Based Security (RBS), the elite provider of comprehensive vulnerability intelligence and vendor risk ratings, is pleased to announce the launch of a new partnership with JFrog, the DevOps technology leader known for enabling liquid software via Continuous Update flows and the creator of Xray, JFrog’s flagship security and compliance scanning solution. Risk Based Security’s […]

On Pace To Break 20k Mark For Disclosed Vulnerabilities

The number of vulnerabilities through Q3 of 2018, though significant and on track to be over 20,000, is down from the same time last year and will likely fall short of the record-breaking 2017 year-end numbers of more than 22,000 disclosed vulnerabilities, according to Risk Based Security. Today, Risk Based Security announced the public […]

New libssh Vulnerability – No Logo But Plenty Of Attention

Earlier this week, Andreas Schneider announced the release of a new version of libssh, covering “an important security” that addressed “an authentication bypass vulnerability in the server code”. Pretty quickly we saw several news articles published that covered this issue, as well as third-party blogs that added commentary on the technical side of the vulnerability. […]

Getting To Know Your Electronic Voting Machine. Friend Or Foe?

In April 2016, we published a blog on electronic voting machine (EVM) vulnerabilities titled “To date, Risk Based Security has cataloged over 260 vulnerabilities in electronic voting machines.” Today, that number stands at 292. With the midterm elections coming up, the topic of voter influence, foreign meddling, and EVM security is back in the news, including another […]

Pay No Attention To The Vulnerabilities Behind The Curtain

For years, Microsoft’s Patch Tuesday has been something that all IT professionals (not just security practitioners) have dreaded. Since the practice was introduced in October 2003 to reduce the cost of distributing patches, it has become a point of consistency in patch cycles, and the source of grumbling because it often requires a full day or […]

Apache Struts Distraction Continues While Over 600 Additional Vulnerabilities Have Been Released

While everyone has been heavily focused on, or we could say distracted by, the recent Apache Struts vulnerability, the steady flow of additional vulnerabilities being disclosed continues. As we recently pointed out, the flood of vulnerabilities is not letting up this year. They range from the fairly mundane that likely affects few people, to ones […]

Thoughts On The NTIA Software Component Transparency Meeting

I was able to attend the NTIA meeting on Software Component Transparency on July 19th, 2018 hosted in Washington, D.C. at the American Institute of Architects. The meeting was webcast and might eventually be published for others to watch in the future. This was our first time attending (though we really should have been at […]

Watch Out! Another Nasty Apache Struts Vulnerability Has Been Disclosed!

Here we go again! Today, a brand new Apache Struts vulnerability (CVE-2018-11776) has been disclosed that can result in remote code execution. Sure, the patch is out there, but this one is a CVSSv2 10.0 or “Critical” issue, which for many organizations should mean it is a full stop, all hands on deck […]

Our Reports Clickbait? No. Click Here To Find Out Why…

Last week, we published our 2018 mid-year report that included an overview of the vulnerabilities that we have tracked and included in VulnDB. We highlighted a key takeaway from the report in the title: “Over 3,000 [vulnerabilities] You May Not Know About”. This statement is based on our aggregation of over three thousand vulnerabilities in […]