Risk Based Security Named Finalist For 2018 Richmond Technology Award

The Richmond Technology Council, central Virginia’s catalyst for technology, recently held its 23rd Annual Technology Awards Meet the Finalists Reception, announcing and honoring the finalists in each award category. The nominees include several local organizations and individuals that are actively helping advance central Virginia’s technology-based economy. Risk Based Security was nominated for the Innovation in Technology Builder Award […]

What Harm Can Come From Missing 59,000 Vulnerabilities?

In January of this year, we released our year end VulnDB QuickView report. It showed that 2017 broke the previous all-time record for the highest number of reported vulnerabilities. No matter how you look at the report, it was a bad year for security in software. We are currently working hard on our Q1 reports. […]

Rolling With The Breaches

Guest post from Pete Herzog, co-founder of the Institute for Security and Open Methodologies (ISECOM). It’s likely that you’re going to one day be the blame for a large-scale advanced persistent threat type of breach at your company. So to get you ready, here’s a helpful tip for you: Don’t. Don’t be the person all fingers […]

Meet Up With Risk Based Security At RSA 2018

The Risk Based Security team will be on site once again this year, to meet and mingle at RSA. If you are planning to be in town for the events, we’d love to see you there. Take a break from the noisy convention floor by booking a meeting with us in the RBS suite.  We […]

Are Partial Vulnerability Disclosures a NetGain or NetLoss?

Late November 2017, a member of our research team at Risk Based Security decided to perform an audit of an IT monitoring solution, NetGain Enterprise Manager, provided by Singapore-based NetGain Systems. The company describes itself as a “pioneer in the IT monitoring and protection business” and has more than 500 customers primarily in Asia and […]

Risk Based Security, Inc. and Vicarius Ltd. Announce Partnership

Risk Based Security, Inc. (RBS) is pleased to announce a partnership with Vicarius Ltd. (Vicarius) to integrate the best-in-class vulnerability intelligence from VulnDB into the Vicarius Topia platform. Vicarius protects clients against exploitation of software vulnerabilities by identifying and prioritizing vulnerabilities within their client environments and limiting access to software that has exploitable code.  With […]

Meltdown and Spectre – The Gifts That Keep On Giving

It’s been some time since the news of the Intel processor vulnerabilities dubbed Meltdown and Spectre broke. We wrote a blog on the initial disclosure and subsequent press frenzy on January 4th, and an update on January 9th covering additional aspects of the fallout. In the last month and a half, the news coverage has […]

RIP CERT.org – You Will Be Missed

[Updated March 6, 2018] On February 22, Will Dormann tweeted that the main CERT Coordination Center (CERT/CC) website (www.cert.org) had been shuttered. Upon checking ourselves we found the website now redirecting to the Software Engineering Institute at Carnegie Mellon, the parent group of CERT. As a 14-year veteran at CERT/CC, Dormann understandably had some feelings […]

7,900 Vulnerabilities In 2017 You Aren’t Aware Of May Put Your Organization At Risk

2017 sets all time high for the number of disclosed vulnerabilities, according to Risk Based Security. RICHMOND, VA, January 26, 2018 — Risk Based Security today announced the release of the year end VulnDB QuickView report that shows 2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged […]

Prioritization Of Vulnerabilities Requires Proper Intelligence

With well over 170,000 known vulnerabilities published and over 21,000 new disclosures in 2017, organizations must make constant risk decisions. The longer a decision on the best course of action is put off, the longer it takes for a control or patch to be implemented, increasing the organization’s Time of Exposure. Bottom line, there are […]