
November 2023

Applied Lessons from Product Security Teams in Vulnerability Management | Nucleus Security

Product security and vulnerability management have become critical components of an organization's overall cybersecurity strategy. However, the teams responsible for them often face challenges in working together effectively, leading to misalignment and potential security gaps. Patrick Garrity hosted a roundtable discussion with industry experts Matthew Clapham and Scott Kuffer to share applied lessons from product security teams and vulnerability management.

The Rise In Vulnerability Disclosure, Exploitation and Threat Intelligence

Patrick Garrity, Security Researcher at Nucleus Security, discusses the rise of vulnerability exploitation and threat intelligence in the field of vulnerability management. He highlights the history of vulnerability management, the increase in vulnerabilities and exploitation, the limitations of the Common Vulnerability Scoring System (CVSS), and the emergence of vulnerability threat intelligence. Patrick also emphasizes the importance of open-source intelligence, such as CISA's Known Exploited Vulnerabilities (KEV) List and the Exploit Prediction Scoring System (EPSS), as well as the value of commercial threat intelligence.

Nucleus Product Update 3.9

Welcome to the Nucleus Product Update 3.9. As we approach Thanksgiving, we’d like to start by expressing our appreciation for you and the rest of the Nucleus family. Thank you for being a part of our community and contributing to our collective growth and success. We have so much to be thankful for this year, especially YOU! We hope you have a wonderful holiday celebrating all there is to be grateful for and enjoying a great meal with the people you love most.

How CISO's Should Approach Security Vulnerability Risk

Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yampolskiy, CEO of SecurityScorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.

NYDFS Regulatory Changes: Vulnerability Management and Risk Assessment

The financial sector is constantly adapting to emerging threats and regulatory changes. The New York Department of Financial Services (NYDFS) is at the forefront of cybersecurity regulation, ensuring that covered entities within the state maintain robust cybersecurity programs. In this blog post, we’ll dive into the recent changes to NYDFS regulations, specifically focusing on vulnerability management and an updated definition of risk assessment.