Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. (more available)

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report. (more available)

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. (more available)

From the report, ““Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes. (more available)

From the report, “Welcome to the Monthly Threat Roundup report for Sept 2017. At Paladion CTAC we continuously track emerging threats and vulnerabilities and provide you timely actionable intelligence to stay safe. (more available)

How is cyber-resilience defined and measured? How are breach risk and cyber resilience related, and what is the best way to improve cyber-resilience for an enterprise? (more available)

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). (more available)

This document discusses the vulnerabilities discovered by edgescanTM over the past year – 2016. The vulnerabilities discovered are a result of providing “Fullstack” continuous vulnerability management to a wide range of client verticals; from Small Businesses to Global Enterprises, From Telecoms & Media companies to Software Development, Gaming, Energy and Medical organisations. (more available)

This report takes a close look at vulnerability management and seeks to make it a far simpler task.

From the report, “Rather than provide a lengthy analysis of the data in this Stats Report in this introduction, we’ve decided instead to provide some “what this means to you” commentary at the end of the three main sections of the report; commentary that attempts to make the data relevant to Executives, Security practitioners and DevOps professionals. (more available)