04:33 PM
Dark Reading
Products and Releases

nCircle Announces Patch Priority Index

Patch Priority Index rankings are based on nCircle's Risk Score

SAN FRANCISCO, CA - February 23, 2010 - nCircle, the leader in security and compliance auditing solutions, today announced the debut of nCircle Patch Priority Index, a monthly ranking of the highest risk vulnerabilities from key vendors such as Microsoft and Adobe that adjusts to reflect how a vulnerability's risk changes over time. The free, publicly available Patch Priority Index (PPI) provides a repeatable, consistent metric that global IT security teams can use to effectively prioritize the most critical vulnerabilities.

Patch Priority Index rankings are based on nCircle's Risk Score. The nCircle Risk Score was developed over several years using data collected from hundreds of thousands of security audits and was designed to scale to very large networks. It provides a highly granular metric to facilitate true prioritization based on actual risk to the network. The Patch Priority Index contains key elements of the nCircle Risk Score, including a critical time component that is unique among scoring systems. This time component prioritizes new patches within the context of all patches previously released by a vendor within the preceding twelve months, information that is not available through other public sources.

Patch Priority Index debuts for Microsoft vulnerabilities in March. Other key vendors will follow. The Patch Priority Index will be updated regularly and is publicly available to any IT security professional.

"Security operations professionals understand that risks often aren't evaluated and fixed inside a 30 day window," said Andrew Storms, Director of Security Operations. "The nCircle PPI helps prioritize risk reduction decisions by helping evaluate new patches within the context of the bigger security picture."

"With vulnerabilities and exploits in every major enterprise software product on the rise, we believe the Patch Priority Index is an invaluable tool for every IT security team, and that's why we are sharing it with the wider global security community," notes Tim "TK" Keanini, CTO of nCircle. "The track record of the nCircle Risk Score on which it is based is excellent and was established via repeated applications at Fortune 500 networks with the most rigorous security requirements in the world," he adds.

Tyler Reguly, Lead Research Engineer, will be offering a Patch Priority Index presentation at RSA on Tuesday, March 2, at 12 pm, in booth 1023.

About nCircle

nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,500 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.

nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.
