Researchers Find One Million Vulnerabilities?!

No researcher has yet claimed to find one million vulnerabilities, but we are sure to see that headline in the future. Every so often we see news articles touting a security researcher who found an incredible number of vulnerabilities in one product or vendor. Given that most disclosures involve a single vulnerability, or sometimes a […]

Nearly 10,000 Vulnerabilities Disclosed So Far In 2017 – Major Vendors Continue To Be Affected

2017 appears to be on pace to exceed 2016’s high mark of 15,669 disclosed vulnerabilities, according to Risk Based Security. RICHMOND, VA, July 26, 2017 — Risk Based Security today announced the release of its Mid-2017 VulnDB QuickView report that shows there have been 9,690 vulnerabilities disclosed through June 30th. This is the highest number […]

Over 2,200 Data Breaches Disclosed So Far In 2017, Exposing Over Six Billion Records

The pace of data breach disclosures remains steady compared to the prior two years while the number of records exposed jumps to a record high. RICHMOND, VA, July 25, 2017 — Risk Based Security today announced the release of its Mid-Year 2017 Data Breach QuickView report, showing there have been 2,227 publicly disclosed data compromise […]

Analysis Of The RANDom Report on Zero-days and Vulnerability Rediscovery

On March 9, 2017, RAND released a report (PDF) titled “Zero Days, Thousands of Nights; The Life and Times of Zero-Day Vulnerabilities and Their Exploits” by Lillian Ablon and Andy Bogart that received a fair amount of press. The RAND press release goes on to describe it as “the first publicly available research to examine […]

The Steady Rise of Bounty Programs, and the Counterpart

We have continued to see a steady rise in the acceptance and adoption of vulnerability bug bounty programs over the last several years. Companies like Microsoft, which many may have forgotten said seven years ago that it would not pay for vulnerability information, have been steadily expanding their program to pay for more and more vulnerability […]

Join RBS At Hacker Summer Camp 2017

It has been an extremely busy year in the security world and we can’t believe that Hacker Summer Camp is around the corner! The Risk Based Security team will be on site once again this year, to meet and mingle at Black Hat and DEF CON. If you are planning to be in town for […]

WannaCry Wakeup Call Not Heard?

It has been reported that a new malware strain called Petya is spreading by using a code execution vulnerability in Microsoft Office and WordPad (CVE-2017-0199) and then taking advantage of ETERNALBLUE (CVE-2017-0145), which is the same vulnerability exploited by the WannaCry malware. Most people would agree that WannaCry was a pretty big event, and it […]

CVSS – Is 3 The Magic Number?

We have now come to the end of our blog series discussing CVSSv3. Over the past several months, we’ve attempted to cover the many disadvantages and some advantages of this standard, and how it compares to CVSSv2. New problems have been introduced, old problems remain, but improvements have also been made. Blog Series Feedback […]

Risk Based Security, FIRST & San Juan – What A Combination!

Every year Risk Based Security attends and presents at a variety of industry events, with the FIRST annual conference being one of our favorites. For those unfamiliar with FIRST, it is a close-knit community of incident response professionals with a long tradition of members working collaboratively on special interest topics and sharing information with the […]

29% Increase In Vulnerabilities Already Disclosed In 2017

2017 starts off with an unrelenting rise in vulnerabilities, according to Risk Based Security. RICHMOND, VA, May 23, 2017 — Risk Based Security today announced the release of our VulnDB QuickView for the first quarter of 2017. The report shows an unrelenting rise in the number of vulnerabilities being reported. Unless the pace of vulnerability […]