I wrote the following article to help clarify CyberSecurity Threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerability and Exposure database. For added context below I included statistics from Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management, however there is an equally important emphasis on regular security testing and integration with product development and change management. Continue reading →