Author Archives: guest blogger

The Role of Security Mapping in Vulnerability Management

guest blogger    February 7, 2013

Increasingly, security management organizations are coming to rely on a unique type of geography to recognize where threats and vulnerabilities are active, and where security exploits are occurring. The geography in question maps fairly closely to the physical map of the world. Because Internet links that connect sites and users to service providers are involved, along with prevailing local Internet… Read more »

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information, and enables automation of vulnerability management,… Read more »

The Real Value of Precognition

guest blogger    December 19, 2012

Vulnerability precognition is an interesting concept, but it leads to interesting and valuable threat mitigations. Rather than relying on some mystical ability to see events before they occur—the more usual meaning for “precognition”—vulnerability precognition arises from an assessment technique known as predictive analytics. It’s worth unpacking and exploring this terminology to get a sense not just for its meaning, but… Read more »

Crowdsourcing Vulnerability Intelligence

guest blogger    December 6, 2012

This is the first post in our guest blogging series. If you are interested in writing for Risk I/O, visit our Guest Blogging page for more information. Strictly speaking, crowdsourcing refers to a model for problem solving that depends on turning requests for information, service, or even ideas over to an unknown but reachable group of potential participants to seek… Read more »