Tag Archives: vulnerability assessment

Celebrity Treatment: How Vulns are Being Hyped, and When to Pay Attention

Ed Bellis    July 15, 2016

Like it or not, we live in an era of manufactured celebrity and large-scale hype creation. While this can make it easy to keep tabs on movie stars’ relationships, it doesn’t help security teams stay on top of what’s really important. To prioritize their efforts, there are five factors security teams should look at in assessing the true risk of… Read more »

Must-Have Metrics for Vulnerability Management: Part I

Ed Bellis    March 29, 2016

In this series of blog posts, we’ll cover the must-have metrics for vulnerability management. The rising cadence of automated attacks means that security teams need to strive to make their own practices as precise and metric-driven as possible. Poring through spreadsheets and creating 500-page PDFs is no longer enough to ensure that critical vulnerabilities are remediated in time. But what’s… Read more »

How Reporting on Risk to the Board is Being Done Today

Ed Bellis    January 4, 2016

When I ran security at Orbitz, reporting on risk was always a challenge. My team wanted to ensure that we had a clear way to paint a picture of the organization’s exposure to risk—as well as describe the actions we had taken, month by month, in order to reduce that risk. But frankly, we weren’t very good at it. We… Read more »

The Scanner That Cried Wolf

Ed Bellis    January 5, 2012

Dealing with false positives during a vulnerability assessment is a fact of life. As applications and infrastructure grow larger and more complex, the likelihood of running into these Type I errors increases along with it. Although these issues become more commonplace as you grow, there are a number of known ways to help decrease the amount of false positives that are produced… Read more »

Risk I/O Joins Rapid7’s Technology Alliances

Andrea Bailiff-Gush    December 14, 2011

We are pleased to announce our recent entry into the Technology Alliances program with Rapid7. Earlier this year, Rapid7 and Risk I/O collaborated to create a simple out-of-the-box connector that pulls vulnerability scan data directly from Rapid7’s Nexpose, and uses Risk I/O to aggregate, correlate and prioritize vulnerabilities for the most effective remediation of possible security threats. Through this collaboration, Nexpose users can… Read more »

Ohai HP – It’s Us Again

Ed Bellis    November 4, 2011

Fresh off the heels of launching our HP Fortify connector to integrate your static analysis findings, we’d like to announce our newest connector in the family. This time from HP’s dynamic side of the house – HP WebInspect. If you’re currently using this vulnerability assessment tool as part of your application security program, you can now connect your instance into Risk… Read more »

Register for our Webinar on Risk I/O & QualysGuard Integration

Andrea Bailiff-Gush    October 25, 2011

Following on the heels of our recent integration announcement with Qualys, Risk I/O would like to invite you to our upcoming webinar, Complete Vulnerability Management with QualysGuard and Risk I/O on November 2nd @ 1 PM CDT. Led by Corey Bodzin, Director of Product Management at Qualys, and Ed Bellis, CEO at Risk I/O, this webinar will provide an overview of the integration between… Read more »

Risk I/O Partners with Qualys Security as a Service Platform

Ed Bellis    October 12, 2011

We are pleased to announce our recent entry into the Solution & Technology Partners Program with Qualys. Qualys and Risk I/O have collaborated to create a simple out-of-the-box connector that pulls vulnerability scan data directly from QualysGuard, and uses Risk I/O to aggregate, correlate and prioritize vulnerabilities for the most effective remediation of possible security threats. Under this partnership, QualysGuard… Read more »

Vulnerability Assessment Data Analysis

Ed Bellis    August 29, 2011

A couple of weeks ago we asked you to help us build our roadmap by completing a short survey. We wanted to ensure we were integrating with the vulnerability assessment and remediation tools that were most valuable to our audience. I initially thought we would be able to pull this information from the analysts but had very little luck with… Read more »