Probably Don’t Rely on EPSS Yet
This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
This blog post focuses on how the vulnerabilities in firmware popularized by the Uniform Extensible Firmware Interface create a lucrative target for high-profile attackers.
This post introduces Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
This blog post expands on concerns brought to light from recent UEFI attacks, such as BlackLotus, and highlights 5 recommendations to secure and restore trust in the UEFI ecosystem.
Severe CSRF to XSS bugs open the door to code execution and complete website compromise.
Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs.
Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
Researchers say the bugs are easy to exploit and will likely be weaponized within a day.