Category Archives: Feature Release

Introducing RiskDB

jheuer    December 4, 2012

Today we’re launching RiskDB, a free, centralized, and open repository of vulnerabilities sourced from public databases. It provides up-to-the-minute information on security-related software flaws, misconfigurations, and threat advisories. We think RiskDB will be one of the easiest ways to stay on top of vulnerabilities relevant to the infrastructure you’re responsible for. For a quick search, just enter your query in the… Read more »

Validating Vulnerabilities with Metasploit

Ed Bellis    September 13, 2012

We recently added the ability to track publicly available exploits for any vulnerabilities discovered in your environment, regardless of how they were discovered. We viewed this as a step in the right direction and one of many factors that go into prioritizing remediation efforts. Our friend Mike Rothman over at Securosis took notice of this, both acknowledging the need while… Read more »

Hitting Above the Security Mendoza Line

Ed Bellis    August 14, 2012

Risk I/O can now be used to identify publicly available exploits to your existing vulnerabilities. Our development team has made it possible for Risk I/O to match attack vectors from databases of quality assured exploits, such as Metasploit and ExploitDB, to applicable vulnerabilities. This information, paired with vulnerability data from assessment tools, allows you to understand how your organization is… Read more »

Another Week, Another Integration: Retina meet Risk I/O

Andrea Bailiff-Gush    May 30, 2012

We’re beginning to sound a bit like a broken record, but yes, this week we launched another out-of-the-box integration with Risk I/O. Our goal has always been to build a complete vulnerability management platform that works with the tools you’re already using. That’s why we’ve added eEye Digital Security’s Retina Network Security Scanner to our arsenal of integrations. As a connector, you can… Read more »

Now Serving Veracode Users

Andrea Bailiff-Gush    May 15, 2012

Following our recent integration with Portswigger’s Burp web scanner, our development team has added another vulnerability assessment tool to Risk I/O. Integration with Veracode static analysis is now available! If you use Veracode to scan your applications for security flaws, you’ll be happy to learn that you can now plug it into Risk I/O to manage and monitor the vulnerabilities that… Read more »

Our Latest Integration

Ed Bellis    March 26, 2012

Hot on the heels of launching role-based access control which allows you to control who has access to what in Risk I/O (all the way down to the vulnerability level), we have added integration with a new vulnerability assessment tool. (Drum roll please…) We are happy to announce that integration with the Burp Scanner is now available in Risk I/O! For… Read more »

Give ‘Em What They Want… and Nothing More

Ed Bellis    March 1, 2012

A lot of Risk I/O users rely on bug tracking and trouble ticketing to track their remediation workflow including status, ownership and due dates. We built Risk I/O to integrate directly into these solutions so our customers would never have to leave while tracking to close. That’s all well and good, but we have others who prefer not to use… Read more »

Special Orders Don’t Upset Us

Ed Bellis    January 18, 2012

Just a quick post to give you an update on one of our newest features. A few months back we wrote about custom fields in Risk I/O and how to add your own data and metadata to your vulnerabilities and assets. Today I’m writing about taking this customization to the next step. We recognize different people within your company are… Read more »

Our Newest Addition Is Big & Blue

Ed Bellis    September 23, 2011

Our Risk I/O family keeps growing. Today, we added yet another connector to the already growing list of vulnerability assessment connectors in our family. We are very excited to welcome IBM’s AppScan as our newest addition! With our newest connector, you can now integrate directly within your AppScan vulnerability scanner. This empowers you to scan applications, identify vulnerabilities, and generate… Read more »