EPSS and vulnerability management: New scoring system shows promise
The Exploit Prediction Scoring System performs better than CISA's KEV and CVSS scores for vulnerabilities in the wild — but combining all three works best.
Jaikumar Vijayan
Freelance technology journalist. A former Senior Editor of Computerworld, Jai is a journalist and technology content writing specialist, with 20+ years of award-winning experience in IT trade journalism. He is a correspondent for the Christian Science Monitor and a contributor to Dark Reading, eWEEK, Datamation, IBM Security Intelligence, and Third Certainty. He writes features and covers breaking news stories on information security, data privacy, and big data/business analytics. His recent projects include ERP case studies and an e-book on enterprise mobility management best practices.
Posts from Jaikumar Vijayan
EPSS and vulnerability management: New scoring system shows promise
Do cybersecurity certifications still deliver? Experts share 6 key insights
With AI and the shift from the perimeter to the software supply chain as a primary attack vector, are certifications still relevant? Here's what top experts say.
5 SecOps automation challenges — and how to overcome them
Here are the key trends driving SecOps automation, its numerous benefits — and the main challenges organizations face when automating their SOC.
AppSec alert fatigue: 4 ways to reduce burnout — and boost security
Tool sprawl is making alert fatigue a major problem for teams responsible for application security. Here are four ways to combat it in your organization.
Security operations by the numbers: 30 cybersecurity stats that matter
Get up to speed on the state of SecOps with key takeaways from recent research and surveys of cybersecurity practitioners and leaders.
CISA's 'vulnrichment' aims to fix the NVD
The new program, which follows NIST's slowdown on the National Vulnerability Database, will enrich CVEs with contextual data for better vulnerability management.
Why GenAI fails at full SOC automation
In a new research note, Forrester analysts explain how the current limitations of AI-enabled SecOps tools keep autonomous security decision making out of reach.
NVD delays highlight vulnerability management woes: Put malware first
Here's what changes to the National Vulnerability Database mean for vulnerability management — and why you should instead focus on malware and tampering.
30 SSCS statistics that matter for software security teams
Understand the state of software supply chain security with key takeaways from recent research and surveys of application security and development pros.