CISA's 'vulnrichment' aims to fix the NVD
The new program, which follows NIST's slowdown on the National Vulnerability Database, will enrich CVEs with contextual data for better vulnerability management.
Jaikumar Vijayan
Freelance technology journalist. A former Senior Editor of Computerworld, Jai is a journalist and technology content writing specialist, with 20+ years of award-winning experience in IT trade journalism. He is a correspondent for the Christian Science Monitor and a contributor to Dark Reading, eWEEK, Datamation, IBM Security Intelligence, and Third Certainty. He writes features and covers breaking news stories on information security, data privacy, and big data/business analytics. His recent projects include ERP case studies and an e-book on enterprise mobility management best practices.
Posts from Jaikumar Vijayan
CISA's 'vulnrichment' aims to fix the NVD
Why GenAI fails at full SOC automation
In a new research note, Forrester analysts explain how the current limitations of AI-enabled SecOps tools keep autonomous security decision making out of reach.
NVD delays highlight vulnerability management woes: Put malware first
Here's what changes to the National Vulnerability Database mean for vulnerability management — and why you should instead focus on malware and tampering.
30 SSCS statistics that matter for software security teams
Understand the state of software supply chain security with key takeaways from recent research and surveys of application security and development pros.
5 reasons you should consider a career in application security
There are many reasons to consider a career in AppSec, but one stands out: Software supply attacks are creating job security and opportunity.
Secure your AI development tools: 4 key questions to ask
When using AI tools including GitHub Copilot, your security team must be aware of — and protect against — certain risks. Here are the top considerations.
.webp&w=3840&q=75)
ESF steps up supply chain security guidance with call for binary analysis
To advance the state of software supply chain security and better mitigate risk, the Enduring Security Framework group has highlighted the need for binary analysis and reproducible builds.
MFA and software supply chain security: It's no magic bullet
SolarWinds, Codecov, and Kaseya showed how adversaries with access to a development environment can wreak havoc. Multifactor authentication is key, but it's not an "end-all solution."
The AI executive order: What AppSec teams need to know
While the new White House EO is largely focused on foundational AI, security teams reviewing AI initiatives are still in the hot seat.