Gábor Matuz

How useful is CVSS Score in CVE triage - The CVSS who cried wolf

Based on the CVSS score alone you cannot effectively prioritize issues without taking on considerable risk. Other than the practically non-existent Low CVSS severity category, every severity category contains numerous exploited vulnerabilities.

We analyzed 750 exploited vulnerabilities so you don't have to

Doing what sounds reasonable is great, but we have data. TL;DR: most vulnerabilities that you must patch are in collaboration tools, CMSs, web frameworks, web servers, administrative and developer tools, and security appliances. You should also enable automatic updates for Windows.

The problem with CVEs

So this one goes out to the young DevOps, shift-left automation folk. I don't think any of this is going to be new if you are an OG sysadmin who ever waited with dread for the next Patch Tuesday.

