Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
We dive deeper into a specific area where asset attribution can be particularly nuanced: assessing service providers’ security posture.
Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.
An in-depth look into Web Application Security, and Bitsight's approach to related security metrics.
Our latest research, a collaboration between Bitsight TRACE & the security researcher Gi7w0rm, has uncovered additional details & information about the 7777 Botnet.
This blog follows up with an update on our data engine and the momentum we’re seeing with the second core component: Bitsight Graph of Internet Assets (GIA)
METI announced its intention to implement a cybersecurity rating system for companies by fiscal year 2025. Here are the key aspects of the planned system.
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
We will focus on understanding a very specific NIS2 requirement: Coordinated Risk Assessments. Let’s explore what that means.
Many organizations view parked domains as dormant, low-risk, and not worth the investment in robust security measures. This is a misconception. Here's why.
Much of your daily life depends on Industrial Control Systems(ICSs). We’ll cover ICSs unique characteristics and some of the challenges in applying IT security practices or technology to them.
Read this blog to discover how tackling technical debt can transform your cybersecurity strategy, boost efficiency, and ensure compliance.
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability. Let's revisit CVE-2024-6387.
Trust Management Hub gives GRC teams a centralized & scalable way to manage & share critical security questionnaires and documentation.
Bitsight's analysis of the CrowdStrike outage and timeline mysteries.
Organizations today aren’t single entities—they are interconnected networks of third parties. And while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. Because of this, vendor risk management (VRM) is becoming an even more important business practice.