Sitemap - 2022 - Deploy Securely
The Chinese Government was probably responsible for the 2022 LastPass hack
Why your company might NOT need a SOC 2 report
ChatGPT's implications for cybersecurity
Security questionnaires as a hazing ritual
Confronting the weaknesses of the NVD and CVE system
Vulnerability notification and disclosure
How should federal agencies prioritize vulnerabilities?
Revealing the government's approach to vulnerability management
Manage Google Drive security in 60 seconds
Why you probably should use the EPSS
Reviewing Palantir's vulnerability management program
What is a software supply chain attack?
Confronting the government's latest secure software development guidance
NIST SP 800-53 (rev. 5, of course)
Deploying securely, the government way
The case for a SaaS bill of materials
The NIST Cybersecurity Framework
The four horsemen of risk management
The Cyber Safety Review Board of the log4shell incident
Vulnerability management in contracts
Coordinated Vulnerability Disclosure (CVD) Programs
How to communicate about CVE exploitability without having to fix all "highs and criticals."
The Deploy Securely risk assessment model - version 1.0.1
The Deploy Securely risk assessment model - version 0.3
Exploit Prediction Scoring System (EPSS): a deep dive
Technical due diligence for identifying cybersecurity risk in external parties
External audits: a better solution for 3rd (and greater) party risk management?
Security questionnaires: worth the trouble?
Manage unknown cyber risk from 3rd (and greater) party software and systems
The federal government doesn't sound like it understands cyber risk management