The Solution to Application Security’s Biggest Challenge, Vulnerability Remediation, May Finally Arrive
The importance of vulnerability management is simple — find and fix issues before an adversary finds and exploits them. Unfortunately, the remediation rates reported by leading application security vendors average only around 50% or far less. And when vulnerabilities are fixed it takes weeks or months. The rest of the ...
Why InfoSec Vendors Force Customers to Work with Sales
If you visit practically any enterprise InfoSec vendor’s website and are interested in trying out their products or services without speaking to a sales rep first, good luck — this is rarely allowed. Even just getting pricing info from a vendor without engaging in a sales process is next to ...
InfoSec Market Labor Shortage and Predictions
Observations
From my personal experience and through conversations I’ve had with many other security pros, we’ve observed that the average level of competency among enterprise InfoSec personnel is either flat or decreasing. And this has been steadily taking place for several years. This occurs despite the plethora of widely accessible educational ...
1950 Mercury Christmas Present
As a gift, or sometimes more like a curse, my dad passed down his love of classic cars to his children. Each of us has our favorites, and one of mine is a 1950 Mercury. Not just any 1950 Mercury, but a particular highly customized “lead sled” hot rod. Chopped, ...
A 1951 Ford for Dad
I wanted to get my dad a gift, but not just any gift. The perfect gift. For a diehard hot-rodder like my dad, there can only be one thing -- a car. Of course, not just any ol' thing with four wheels. He quite literally has 50 mostly junkers and ...
Evolution of The Press
Below is a working theory on the evolution of The Press in the United States as it relates to their relationship with the government and the people. I expect to continue refining the theory as new perspectives and competing ideas are discussed.
Phase 1) TL/DR; The press’s primary value in the ...
The evolutionary waves of the penetration-testing / vulnerability assessment market
Over the last two decades the penetration-testing / vulnerability assessment market went through a series of evolutionary waves that went like this…
1st Wave: “You think we have vulnerabilities and want to hire an employee to find them? You’re out of your mind!” The business got over it and InfoSec people were ...
All these vulnerabilities, rarely matter.
There is a serious misalignment of interests between Application Security vulnerability assessment vendors and their customers. Vendors are incentivized to report everything they possibly can, even issues that rarely matter. On the other hand, customers just want the vulnerability reports that are likely to get them hacked. Every finding beyond ...