We discuss why the promise of automating cybersecurity has yet to be fully realized.

CVE data is often misinterpreted. Jerry Gamblin discusses why that is and what to look for to get the most out of CVE data.

We hop on the line with the Cyentia Institute to discuss our latest joint research, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability. The new report reveals that exploitability for an organization can, in fact, be measured and reveals the best strategies to minimize it.

We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?

We interview Collin Boyce, Chief Information Officer for the City of Tucson, Arizona and discuss his process of turning impossible ideas into real projects that achieve meaningful results.

Dive into a quick history of the CVE List as we kick off a quarterly update that tracks the progress of new CVEs issued.

We discuss and add some quantifiable data to a hot-button issue in the cybersecurity industry: responsible disclosure of vulnerabilities and exploits.

Continuing our miniseries into Risk, Measured: we go back to statistics class and discuss some of the characteristics of good metrics to help people understand what you should be looking for when you want to meaningfully quantify cybersecurity phenomena, program performance, or anything really.

Sometimes a number is just a number. Context - the information and environment around the number - is what really matters. We discuss how this concept holds especially true in vulnerability management and risk scoring.

We discuss the general lack of defensive perspectives in cybersecurity media and culture, how that impacts perceptions and decision making, and what we can do about it.

We discuss the application of power law distributions to cybersecurity.

We look at the phenomena of exploit code moving from traditional and cybersecurity-centric databases like Exploit-DB and Metasploit and instead being published on Github. Is Github becoming a de facto database for exploit code?

We look at the phenomena of exploit code moving from traditional and cybersecurity-centric databases like Exploit-DB and Metasploit and instead being published on Github. Is Github becoming a de facto database for exploit code?

Kenna Security recently celebrated its 10-year anniversary on Dec. 10th, 2020; so we decided to do what we do best and take a data-based (and rare) review of the top vulnerabilities from the past decade, year-by-year.

Kenna Security recently celebrated its 10-year anniversary on Dec. 10th, 2020; so we decided to do what we do best and take a data-based (and rare) review of the top vulnerabilities from the past decade, year-by-year.

We discuss the security and privacy of connected gifts this holiday shopping season.

We discuss the security and privacy of connected gifts this holiday shopping season.

We welcome a special guest from VMware Carbon Black to discuss the state of cloud infrastructure and security, primarily through the lens of vulnerability management today, tomorrow, and far into the future.

We welcome a special guest from VMware Carbon Black to discuss the state of cloud infrastructure and security, primarily through the lens of vulnerability management today, tomorrow, and far into the future.

Jerry Gamblin gives us a pre-thanksgiving primer for Amazon AWS re:Invent 2020, which will be held from Nov. 30 - Dec 18th on a computer monitor near you.