The vulnerability management process after Equifax

Managing software vulnerabilities is a universal problem.

While unknown flaws in code or system design are part of the vulnerability management process, responsible disclosure policies and bug bounties have greatly reduced the prevalence of zero-day attacks. Unknown security holes that attackers exploit are usually found at high-value targets, such as Fortune 500 companies, government agencies and critical infrastructure.

NotPetya, WannaCry, Conficker and other well-publicized attacks took advantage of vulnerabilities that were publicly known and for which software patches were already available. The use of known vulnerabilities is especially troubling for security professionals because these attacks could have been prevented by applying the available patches.

Companies haven’t embraced the ever-changing software environments that have […]

Equifax’s Discovery Process Rapidly Evolving Into Prosecution Phase – Equifax Inc. (NYSE:EFX)

Last week’s Equifax (NYSE:EFX) hearings conducted by the U.S. House and Senate provided key items of discovery that will be used by prosecutors and attorneys against the company going forward. The discovery phase of what has transpired in Equifax’s cybersecurity breach encompasses the company’s activities before, during, and after the event. Former Equifax CEO Richard Smith basically served his former company up to prosecutors and plaintiffs’ attorneys on a silver platter during these hearings. Going into the congressional hearings, it appeared likely that Equifax was in a lose/lose situation. The results from the hearings confirmed the […]