Tag: Vulnerability History

  • Is the Kaseya Hack Actually a Supply Chain Attack?

    [This was originally published on RiskBasedSecurity.com as part of a larger series on the Kaseya breach.] What is a Supply Chain Anyway? Within hours of the Kaseya breach becoming public, some critics called out that it was being incorrectly labelled as a supply chain attack. As Nick Carr pointed out, “precise language is important in…

  • The Value of Backfilling

    [This was originally published on RiskBasedSecurity.com.] In every quarterly Vulnerability QuickView Report, we include a chart that shows how many vulnerabilities were disclosed so far that year, along with the most current counts of prior periods to show relative growth and decline.  In some cases, like this year’s Q1, that chart shows a decline compared…

  • 112 Years of Vulnerabilities: How did we get here, knowing what we know?

    I gave a presentation on computer vulnerability history at BSides Delaware in November, 2013. Shortly after, I gave the presentation a couple times at Westchester Community College and the University of Pennsylvania, along with a brief version for the Invisible Harms conference at UPenn. The linked version is the revised copy after my initial run at BSidesDE. The talk gives a…