“Madison Avenue – Esqe” Vulnerability : POODLE
An increasing trend in vulnerability disclosure is dubbing each flaw with a catchy name and a Madison Avenue-esqe marketing campaign. We’ve had Shellshock, Heartbleed and new in the last couple weeks,...
View ArticleThe Frequently Overlooked Security Practice of Configuration Management
In a previous blog post, I discussed how Asset Management is a cornerstone of any good Vulnerability Management program. I’ve also discussed patching in multiple blogs. The area often overlooked during...
View ArticleVulnerability Management vs. Vulnerability Assessment
Item 4 of the SANS 20 Critical Security Controls details the need for a Continuous Vulnerability Assessment and Remediation program. The “and” in this description is the basis for a Vulnerability...
View ArticleThere’s No Such Thing As A (Patching) Free Lunch
A lot of emphasis has been placed on getting companies to patch timely when a vulnerability is discovered. While “timely” has been debated and may mean different things to different people, it’s...
View ArticleWindows Update for Business
An announcement at Microsoft’s Ignite conference in May potentially shifted how patches are applied to Microsoft Windows systems in the future. The “Windows Update for Business” service is designed to...
View Article
