Skip to main content

4 posts tagged with "sdlc"

View All Tags

· 2 min read
Yiannis Pavlosoglou
Free Wortley

The CISA Known Exploited Vulnerabilities Catalog

The US Cybersecurity & Infrastructure Security Agency (CISA) maintains a catalog of vulnerabilities which are known to be actively exploited in the wild.

As of January 2023, this list contains 871 vulnerabilities ranging from multiple product remote code execution vulnerabilities to vulnerabilities on frameworks such as Apache Struts, Log4Shell and similar.

· 6 min read
Forrest Allison
Alex Vanderpot
Free Wortley

Vulnerability Severity Scoring

Most Security folks are already familiar with CVSS as a framework used by NVD to try to assign a quantifiable severity score to vulnerabilities. They also know to never take CVSS scores at face value and to always view them with a grain of salt.

Why can't we trust CVSS alone? Simply put: Because CVSS doesn't include how likely a vulnerability is to be exploited in reality. It's just a formula that lives in a vacuum and lacks the context necessary to help organizations accurately assess the risk of a breach if left unpatched.

That's where an exciting new effort, called EPSS, comes in.

What is EPSS?

· 6 min read
Free Wortley
Text4Shell Logo

What is Text4Shell?

Text4Shell is a vulnerability in the Java library Apache Commons Text. This vulnerability, in specific conditions, allows an attacker to execute arbitrary code on the victim's machine (Remote Code Execution or "RCE"). The vulnerability was discovered by Alvaro Muñoz (aka pwntester) and announced publicly on October 13th

Text4Shell was officially assigned the CVE-2022-42889 identifier.

· 19 min read
Chris Thompson
Free Wortley

Security is Everything

If you're thinking about security for your company, but you don't know where to start, then you've come to right place.

Security spans the entirety of your company, all the way from how you onboard employees to the dependencies you import, but adding security comes at a cost: More secure systems are often more complicated to use.

Given that tradeoff, which areas of security should you focus on first?

We'll be answering that question today, based on our conversations with hundreds of companies, and we'll be offering our advice about how you can balance between security and usability as you grow.