Roy Horev

Recent Posts

Vulnerability Metrics - Which Matter and Which Don't

Posted by Roy Horev on Nov 1, 2018 1:39:51 PM

The best way to share information about the risks associated with vulnerabilities is to quantify those risks – i.e., with metrics. The question is, which metrics? To communicate a cohesive vulnerability narrative, in this post we’ve grouped some of the more common metrics – with the aim of helping you leverage the most useful ones and steer clear of those that are not.

Topics: vulnerabilities

A Closer Look at Vulnerability Disclosure Policies

Posted by Roy Horev on Oct 17, 2018 4:48:34 AM

 

While technology companies aim to ensure that their products are watertight, the fact of the matter is that security vulnerabilities are discovered. But how they deal with these discoveries varies considerably.

The question is: should technology vendors keep vulnerabilities quiet or make them known?

Topics: vulnerabilities

Taking a Risk Based Approach to Vulnerability Management

Posted by Roy Horev on Oct 11, 2018 7:02:54 AM

The question of remediating every single vulnerability is moot. Given the massive number of vulnerabilities being disclosed every month, it’s logistically and organizationally unfeasible. At the enterprise level, even the largest IT team simply can’t handle all the vulnerabilities out there – nor, in truth, do they need to.

Topics: vulnerabilities

Five Steps to Lower Cyber Risk with Better Vulnerability Management

Posted by Roy Horev on Sep 13, 2018 9:54:51 AM

 

In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.

Topics: Cybersecurity, vulnerability remediation, Patching

How Three Large Enterprises Made the Move to DevSecOps

Posted by Roy Horev on Sep 5, 2018 9:50:34 AM

 

The demanding speed of today’s development cycles and the flexibility of IT infrastructure provide a huge opportunity to move faster, not only for the development teams but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures to remediate security threats and exposures faster and in a fairly automated manner, speeding up deployment and release times and simplifying infrastructure and application security changes.

Topics: DevSecOps

DevSecOps: It's Time to Make the Move

Posted by Roy Horev on Aug 21, 2018 5:27:25 AM

 

DevOps took the software scene by storm in 2008, with the promise to reduce the time between changing a software system and that change being rolled out in a production environment – without compromising on quality. Basically, it was supposed to “turn the IT business model on its head with shorter cycle times, automation, and deep cross-functional integration to deliver the next great idea,” wrote cloud expert James D. Brown in 2013.

Topics: DevSecOps

The Top 7 Vulnerabilities of the Decade

Posted by Roy Horev on Jul 11, 2018 7:14:47 AM

 

With nearly 15,000 new vulnerabilities discovered in 2017, and even more expected this year – the competition for ‘worst vulnerability’ is a tough one to judge. The discovery of serious, severe or even critical vulnerabilities is a daily occurrence – and thus ranking them by level of infamy is an elusive challenge.

Topics: vulnerability remediation, vulnerabilities