Stop Counting Vulnerabilities & Start Measuring Risk
10/31/2017When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Post a Comment
Author
Profile of Ed Bellis
Co-Founder and CTO of Kenna Security News & Commentary Posts: 1Ed Bellis is a security industry veteran and expert and was once named Information Security Executive of the Year. He founded Kenna Security to deliver a data-driven, risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security, at Bank of America. He is an adviser to Dharma and former adviser to SecurityScoreboard.com and the Society of Payment Security Professionals. Ed is a contributing author to the book Beautiful Security (O'Reilly Media, 2009). He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit ("Do's and Don'ts of Establishing Metrics that Cultivate Real Security") and InfoSec World ("Amateur Hour: Why APTs Are the Least of Your Worries").
Articles by Ed Bellis
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Post a Comment
White Papers
Video
2 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.
Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-1712
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
PUBLISHED: 2018-08-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-1712
PUBLISHED: 2018-08-16
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVE-2018-10139PUBLISHED: 2018-08-16
The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
CVE-2018-10140PUBLISHED: 2018-08-16
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
CVE-2018-11771PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This