In 2019, the number of new vulnerabilities published was more than double what we saw in 2016. 2020 is on track to break that record for a fourth year in a row, and more than ever, defenders and business leaders require the right tools and knowledge to make informed, time-critical decisions about the best strategies to reduce risk across their environments. Yet it’s also increasingly difficult to separate signal from noise in service of effective vulnerability risk management.
Red teams and offensive security researchers face a complementary set of challenges: How can we communicate effectively to clients and readers that the newest hotness—the niche attack targets and genuinely cool (but perhaps not high attack value) research—doesn’t supersede the importance of attending to older, less exciting types of risk?
Not all vulnerabilities are created equal
Earlier this year, Rapid7’s offensive security team wrote about a closed beta program for AttackerKB, a new resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers. Over the last few months, beta users have shared their personal experiences, in-depth technical analyses, expert opinions, and mitigation advice, with particular attention to the qualities that make emergent vulnerabilities high-value for attackers and high-impac ..
Support the originator by clicking the read the rest link below.
