How do you tell your audience that somebody found a vulnerability on your site?

Disclosing vulnerabilities is part of handling your risk exposure. Many times, web vulnerabilities are found by security firms scanning large portions of the web, or they may come from independent security researchers who have taken an interest in your site. How companies deal with such reported vulnerabilities usually will take one of the following…

Can we build a vulnerability tracking system using open CVE data?

Most cybersecurity advisors will tell you that the most important of all security measures is to keep your software up to date by installing patches as soon as they are available. Most exploits that hackers use are old; they are not zero-day vulnerabilities being exploited. The reason this works is that people are so…