Blog

Jeff Hill
January 26, 2020

In a 2018 interview, former US Navy SEAL Robert O’Neil was asked about the infamous SEAL training technique in which their hands are tied behind their backs, and their feet tied together.  They then jump into a deep pool. He said the first thing that exercise teaches you is “panic…

Jeff Hill
January 10, 2020

If I mentioned the word “whistleblower” these days in a conversation (especially in the US), how many people out of, say 1,000, would think of vulnerability risk management...even in the middle of the floor at RSA in February, or at any other infosec event?   I’m willing to bet none. But…

Serge-Olivier Paquette
January 6, 2020

This blog post introduces the concept of outstanding network asset detection, or what we call Gold Nuggeting, a critical step in vulnerability remediation prioritization. Finding interesting network devices is a fundamental part of the vulnerability prioritization process employed by Delve. While many different factors are taken into account when making…

Serge-Olivier Paquette
December 11, 2019

Part 1 - Problem finders are the best data scientists This is the first article in a series of blog posts that highlights some lessons learned in the field by doing “real and dirty” data science here at Delve, things nobody teaches you in school and even less in online…

Jeff Hill
December 2, 2019

If you’re in the mood for some non-controversial, light entertainment you don’t have to work too hard to enjoy, rent the movie Yesterday.  The premise is clever:  a global weather event removes any and all recollection of the Beatles and their music from just about every person on the planet,…

Jeff Hill
November 11, 2019

I got a chance to watch Dave Chappelle’s latest comedy special this weekend, and among the hour-long show’s bits was one that ridiculed Nancy Reagan’s 1980’s advice for drug addiction:  “Just Say No.” The First Lady’s bumper-sticker prescription to a massive public health and crime epidemic completely trivialized the complexity…

Jeff Hill
October 14, 2019

Contextual Prioritization in Vulnerability Management Imagine a healthcare system in which physicians treated all patients without regard to their individual circumstances.  Heart disease, for example, is a recognized, widespread threat to the health of a large slice of the American population.  It’s dangerous and prevalent. In this imagined world, all…

Eric Boivin
October 9, 2019

Visualizing your entire vulnerability management inventory, at a glance Having an accurate, current  asset inventory is essential to effective vulnerability management. It may sound obvious, but knowing what assets exist in your organization is the first line of defense in cybersecurity, and not necessarily trivial to accomplish. With Delve and…

Louis-Philippe Huberdeau
October 1, 2019

Inadvertently exposed files are the epitome of a classic aphorism:  never attribute to malice that which is adequately explained by stupidity. What are Exposed Files? The quote, known widely as Hanlon’s Razor, can be applied to myriad circumstances, but at times, it seems like it was written specifically for the…