Vulnerability Management Blog

Delve Labs Team
March 3, 2020

There are a number of terms and phrases used in and around the vulnerability management community, and the objective of this post is to explain some of them in plain language.

Pierre-David Oriol
February 10, 2020

...vulnerability hype competes for experts’ time and attention, along with a theoretically mature & repeatable process that has to work efficiently with scarce resources.

Jeff Hill
February 4, 2020

The installation of new software can break the system on which it’s running, or those adjacent, and even in the best-case circumstance, business-critical systems must be brought offline purposely for a period of time to install and test patches. Thus, patching is not the panacea it might appear to be to the uninitiated.

And this is where AI comes in.

Jeff Hill
January 26, 2020

In a 2018 interview, former US Navy SEAL Robert O’Neil was asked about the infamous SEAL training technique in which their hands are tied behind their backs, and their feet tied together. They then jump into a deep pool. He said the first thing that exercise teaches you is “panic…

Jeff Hill
January 10, 2020

If I mentioned the word “whistleblower” these days in a conversation (especially in the US), how many people out of, say, 1,000, would think of cyber security and vulnerability risk management...even in the middle of the floor at RSA in February, or at any other infosec event? I’m willing to…

Serge-Olivier Paquette
January 6, 2020

Focusing on a vulnerability report example, this blog post introduces the concept of outstanding network asset detection, or what we call Gold Nuggeting, a critical step in vulnerability remediation prioritization. Finding interesting network devices is a fundamental part of the vulnerability prioritization process employed by Delve. While many different factors…

Delve Labs Team
January 2, 2020

Vulnerability Assessment Example: The challenge of providing or discussing a vulnerability assessment example is that, by its very nature, the phrase “vulnerability assessment example” implies it’s a point-in-time activity. The very phrase sends the wrong message about vulnerability management best practices and the most effective ways to minimize vulnerability risk. In…

Serge-Olivier Paquette
December 11, 2019

Part 1 - Problem finders are the best data scientists. This is the first article in a series of blog posts that highlights some lessons learned in the field by doing “real and dirty” data science here at Delve, things nobody teaches you in school and even less in online…