#vulnerability-management

[ follow ]
fromThe Hacker News
12 hours ago

Automation Is Redefining Pentest Delivery

Automated, real-time delivery of pentest findings replaces static reports to accelerate remediation, standardize workflows, and reduce manual effort.
#cybersecurity
fromDevOps.com
2 weeks ago
Artificial intelligence

Black Duck Software Extends AI Reach to IDE to Better Secure Code - DevOps.com

Information security
fromThe Hacker News
1 month ago

CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025

Enterprise security must evolve beyond passive measures, adopting proactive strategies like Continuous Threat Exposure Management, Vulnerability Management, and Attack Surface Management.
Europe politics
fromInfoQ
2 months ago

Goodbye CVE? European Vulnerability Database EUVD Now Live

The European Vulnerability Database (EUVD) has been launched to enhance cybersecurity coordination and provide an alternative to the CVE system.
fromDevOps.com
2 weeks ago
Artificial intelligence

Black Duck Software Extends AI Reach to IDE to Better Secure Code - DevOps.com

more#cybersecurity
#cloud-security
fromSilicon Canals
2 months ago
Artificial intelligence

London-based Maze secures 22.5M to beat hackers at their own game through an AI agent - Silicon Canals

fromSilicon Canals
2 months ago
Artificial intelligence

London-based Maze secures 22.5M to beat hackers at their own game through an AI agent - Silicon Canals

more#cloud-security
fromComputerworld
1 month ago

Kandji helps secure Apple enterprise with Vulnerability Response

Kandji's tool detects and manages vulnerabilities in Mac apps based on CVE data.
Web development
fromMedium
1 month ago

How to Implement Robust WAF Protection for Web Applications: Block SQL Injection, XSS, and DDoS...

Web Application Firewalls (WAFs) protect web applications from threats like SQL injection and Cross-Site Scripting (XSS).
fromDevOps.com
1 month ago

SBOMs Are Not Enough - DevOps.com

SBOM is essential for effective software composition analysis to manage vulnerabilities in third-party components.
fromDevOps.com
1 month ago

Still Running Vulnerable Log4j Instances? - DevOps.com

Log4j vulnerabilities remain a significant risk for organizations due to visibility and dependency issues.
Continuous monitoring and software composition analysis are essential for security.
Information security
fromTheregister
1 month ago

Nearly half of ransomware victims still pay out, says Sophos

Nearly half of ransomware victims still pay the ransom despite advice against it, but average payments are decreasing.
Organizations are becoming better at minimizing ransomware impacts, negotiating lower ransom amounts.
fromThe Hacker News
3 months ago

Pen Testing for Compliance Only? It's Time to Change Your Approach

Compliance-driven penetration testing can leave organizations vulnerable because it typically only covers compliance-relevant vulnerabilities, neglecting deeper security issues that may exist.
Information security
fromTechzine Global
3 months ago

Dropping the SBOM, why software supply chains are too flaky

Gartner estimates that by 2025, 45% of organizations globally will face attacks on their software supply chains, reflecting a three-fold increase since 2021.
Software development
fromThe Hacker News
3 months ago

How to Automate CVE and Vulnerability Advisory Response with Tines

Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work. After automation, the time needed for the same number of tickets dropped to around 60 minutes.
DevOps
fromThe Hacker News
3 months ago

New Research Reveals: 95% of AppSec Fixes Don't Reduce Risk

Most application security alerts are unnecessary, causing more harm than good for organizations.
Application security has become inefficient, with teams overwhelmed by irrelevant alerts.
Improving application security requires a shift from mere detection to meaningful context.
#devsecops
more#devsecops
#cve-foundation
more#cve-foundation
fromArs Technica
4 months ago

Crucial CVE flaw-tracking database narrowly avoids closure to DHS cuts

CVE's funding was at risk, but CISA has extended the contract to ensure continued operations.
[ Load more ]