Security Autopsy

Vulnerability Management

Vulnerability Management Program - How to implement SLA and its processes

Defining good SLAs is a tough challenge, but it’s at the heart of any solid vulnerability management program. This article helps internal security teams set clear SLAs, define the right metrics, and adjust their ticketing system to build a successful vulnerability management program.

Millions of Vulnerabilities: One Checklist to Kill The Noise

One important subject to discuss when talking about vulnerability management is the day you open the valve on a code scanning tool that generates an enormous number of security findings. This has been a problem in information security since the early 2000s that is still being worked on, and now,

Product Security

Beyond Patching: Eradicating Vulnerabilities Root Causes

We’ve all seen it — a CVE comes in, we patch it, a sprint later it’s back again… or something just like it. The same class of issues, over and over. Sound familiar? It’s time we stop playing whack-a-mole and admit the truth!

Vulnerability Management

🧭 TTDO: The Security Metric That Actually Measures Accountability

Time-to-Developer Ownership (TTDO) might be the most overlooked and game-changing metric in vulnerability management today. What is it? Why should you care?

Vulnerability Management

🔥 Let’s start talking about vulnerability management.

I've decided to start blogging about vulnerability management because there's something we need to get straight: chasing CVSS, VPR, EPSS scores (or whatever else) won't actually make your company safer. Context will.

Vulnerability Management Program - How to implement SLA and its processes

Millions of Vulnerabilities: One Checklist to Kill The Noise

Beyond Patching: Eradicating Vulnerabilities Root Causes

🧭 TTDO: The Security Metric That Actually Measures Accountability

🔥 Let’s start talking about vulnerability management.

Latest