Vulnerability management

SecureForge is a scam

How I uncovered a highly polished gray mail "vulnerability disclosure" phishing site.

Sep 4 •

The Artificial Intelligence Risk Scoring System (AIRSS) - Part 4

Reporting your results.

Oct 20, 2023

The Artificial Intelligence Risk Scoring System (AIRSS) - Part 3

Doing the math for AI risk.

Oct 13, 2023

The Artificial Intelligence Risk Scoring System (AIRSS) - Part 2

Defining business and security requirements.

Oct 6, 2023

The Artificial Intelligence Risk Scoring System (AIRSS) - Part 1

Setting the scope.

Sep 29, 2023 •

How to track AI vulnerabilities?

Not like the existing CVE regime.

Aug 25, 2023 •

Set up CISA Cyber Hygiene and put it on autopilot

The good, the bad, the ugly.

May 19, 2023 •

Vulnerability chaining: part 2, breaking through the exterior

Turning ideas into action.

Apr 7, 2023 •

Vulnerability chaining: part 1, a logical model

Laying the groundwork for a statistical one.

Mar 24, 2023 •

Can ChatGPT convert unstructured vulnerability reports into CycloneDX VEX statements (and vice versa)?

Diving into AI applications for cybersecurity.

Mar 10, 2023 •

What do exploit, exploitable, and exploit code mean in cybersecurity terms?

Trying to clear up some confusion.

Feb 24, 2023 •

What software security regulation should (not) look like

A response to CISA's recent Foreign Affairs piece.

Feb 3, 2023 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts