Who can see your viewing activity?
If anyone has questions as we go through the findings, feel free to ask them here. I'll do my best to monitor and respond. Thanks!
After remediation how does a company get back with SS to reassess for improved score?
we'll look at this for exploited vulns in a moment
Without knowing the severity of the vulns, it's difficult to draw conclusions from the statistics. Most orgs will fix high severity findings quickly but low severity findings can be put off for a long time.
Thus overall security is improving at a faster clip than the raw numbers would suggest.
Can you share a little more about how the vulnerabilities are detected? Were they discovered via CPE matching, or is there any active testing of vulnerabilities? Are there any trends in the vulnerabilties like ... app vs webserver vs network devices?
Coming from someone who's worked in nuclear, they also tend to have the lowest number of exposed assets.
I've also worked in healthcare. They're chronically underfunded, understaffed, and highly regulated. Not a good combo.
SS for M&A would be of value I see. Same for how companies look at your business as a 3PR vendor.
bleepingcomputer.com is an invaluable resource for keeping up with this kind of stuff.
Cyentia does some great work!
Yes! We will be sending a follow-up with the link to the recording!
Wades' collection of Star Wars stuff is impressive :D