Security Science

Latest Episodes

Why Hasn't Cybersecurity Been Automated?
February 16, 2022

We discuss why the promise of automating cybersecurity has yet to be fully realized.

What To Look For In CVEs
February 02, 2022

CVE data is often misinterpreted. Jerry Gamblin discusses why that is and what to look for to get the most out of CVE data.

Measuring and Minimizing Exploitability w/ Cyentia Institute
January 19, 2022

We hop on the line with the Cyentia Institute to discuss our latest joint research, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability. The new repor

Establishing Defender Advantage w/ Cyentia Institute
June 02, 2021

We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?

How CIOs Get Things Done
May 26, 2021

We interview Collin Boyce, Chief Information Officer for the City of Tucson, Arizona, and discuss his process of turning impossible ideas into real projects that achieve meaningful results.

Counting CVEs
April 07, 2021

Dive into a quick history of the CVE List as we kick off a quarterly update that tracks the progress of new CVEs issued.

Vulnerability Disclosure and Responsible Exposure
March 31, 2021

We discuss and add some quantifiable data to a hot-button issue in the cybersecurity industry: responsible disclosure of vulnerabilities and exploits.

Risk, Measured: 7 Characteristics of Good Metrics
March 17, 2021

Continuing our miniseries into Risk, Measured: we go back to statistics class and discuss some of the characteristics of good metrics to help people understand what you should be looking for when y

Why Vulnerability Scores Can’t Be Looked At In A Vacuum
March 10, 2021

Sometimes a number is just a number. Context - the information and environment around the number - is what really matters. We discuss how this concept holds especially true in vulnerability managem