Security Autopsy

Millions of Vulnerabilities: One Checklist to Kill The Noise

One important subject to discuss when talking about vulnerability management is the day you open the valve on a code scanning tool that generates an enormous number of security findings. This has been a problem in information security since the early 2000s that is still being worked on, and now,

Product Security

Beyond Patching: Eradicating Vulnerabilities Root Causes

We’ve all seen it — a CVE comes in, we patch it, a sprint later it’s back again… or something just like it. The same class of issues, over and over. Sound familiar? It’s time we stop playing whack-a-mole and admit the truth!

Vulnerability Management

🧭 TTDO: The Security Metric That Actually Measures Accountability

Time-to-Developer Ownership (TTDO) might be the most overlooked and game-changing metric in vulnerability management today. What is it? Why should you care?

Vulnerability Management

🔥 Let’s start talking about vulnerability management.

I've decided to start blogging about vulnerability management because there's something we need to get straight: chasing CVSS, VPR, EPSS scores (or whatever else) won't actually make your company safer. Context will.

Millions of Vulnerabilities: One Checklist to Kill The Noise

Beyond Patching: Eradicating Vulnerabilities Root Causes

🧭 TTDO: The Security Metric That Actually Measures Accountability

🔥 Let’s start talking about vulnerability management.

Latest