Category Archives: Vulnerability Database

What You Miss When You Rely on CVSS Scores

Michael Roytman    February 26, 2015

Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences. In this blog post,… Read more »

“Threat Intelligence” By Any Other Name: RSA 2014 Recap

Michael Roytman    March 4, 2014

I’m told that every year RSA has a theme, and that this theme is predictive of the year to come for the information security industry. Sometimes, that theme is hidden. Other times, (such as last year) that theme is a race car engine with the words “Big Data” splattered all over it jumping out at you on every corner. At… Read more »

Introducing Quick Lists

Ed Bellis    July 24, 2013

As you may have read, the Risk I/O platform now correlates live Internet attack data with your vulnerabilities. As your vulnerabilities are processed, we append any vulnerability with additional data around attacks, threats, or exploits. Together, they help to identify where attacks are most likely to occur within your environment. With the addition of this data, Risk I/O is now… Read more »

Using Databases to Automate Assessment and Remediation

guest blogger    January 31, 2013

The National Vulnerability Database (aka NVD) is a US Government repository for standards-based vulnerability management data. Its content is represented using the Security Content Automation Protocol, SCAP (pronounced “ess-cap”). SCAP is designed to facilitate reporting, collection, management, and monitoring of vulnerability data through automated software facilities. SCAP encompasses a wide range of inputs and information,¬†and enables automation of vulnerability management,… Read more »