Vulnerability Management Blog

There are a number of terms and phrases used in and around the vulnerability management community, and the objective of this post is to explain some of them in plain language.

...vulnerability hype competes for experts’ time and attention, along with a theoretically mature & repeatable process that has to work efficiently with scarce  resources.

The installation of new software can break the system on which it’s running, or those adjacent, and even in the best-case circumstance, business-critical systems must be brought offline purposely for a period of time to install and test patches. Thus, patching is not the panacea it might appear to be to the uninitiated.

And this is where AI comes in.

In a 2018 interview, former US Navy SEAL Robert O’Neil was asked about the infamous SEAL training technique in which their hands are tied behind their backs, and their feet tied together.  They then jump into a deep pool. He said the first thing that exercise teaches you is “panic…

If I mentioned the word “whistleblower” these days in a conversation (especially in the US), how many people out of, say 1,000, would think of cyber security and vulnerability risk management...even in the middle of the floor at RSA in February, or at any other infosec event?  I’m willing to…

Focusing on a vulnerability report example, this blog post introduces the concept of outstanding network asset detection, or what we call Gold Nuggeting, a critical step in vulnerability remediation prioritization. Finding interesting network devices is a fundamental part of the vulnerability prioritization process employed by Delve. While many different factors…

Vulnerability Assessment Example The challenge providing or discussing a vulnerability assessment example is that, by its very nature, the phrase “vulnerability assessment example” implies it’s a point-in-time activity. The very phrase sends the wrong message about vulnerability management best practices and the most effective ways to minimize vulnerability risk. In…

Many business and consumer products have benefited from the application of artificial intelligence technologies in the past decade, but legacy vulnerability management products have yet to fully embrace the potential of AI to streamline operations, and more importantly, greatly reduce enterprise vulnerability risk.

Part 1 - Problem finders are the best data scientists This is the first article in a series of blog posts that highlights some lessons learned in the field by doing “real and dirty” data science here at Delve, things nobody teaches you in school and even less in online…