Security Science
Latest Episodes
Why Hasn't Cybersecurity Been Automated?
We discuss why the promise of automating cybersecurity has yet to be fully realized.
What To Look For In CVEs
CVE data is often misinterpreted. Jerry Gamblin discusses why that is and what to look for to get the most out of CVE data.
Measuring and Minimizing Exploitability w/ Cyentia Institute
We hop on the line with the Cyentia Institute to discuss our latest joint research, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability. The new repor
Establishing Defender Advantage w/ Cyentia Institute
We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?
How CIOs Get Things Done
We interview Collin Boyce, Chief Information Officer for the City of Tucson, Arizona, and discuss his process of turning impossible ideas into real projects that achieve meaningful results.
Counting CVEs
Dive into a quick history of the CVE List as we kick off a quarterly update that tracks the progress of new CVEs issued.
Vulnerability Disclosure and Responsible Exposure
We discuss and add some quantifiable data to a hot-button issue in the cybersecurity industry: responsible disclosure of vulnerabilities and exploits.
Risk, Measured: 7 Characteristics of Good Metrics
Continuing our miniseries into Risk, Measured: we go back to statistics class and discuss some of the characteristics of good metrics to help people understand what you should be looking for when y
Why Vulnerability Scores Can’t Be Looked At In A Vacuum
Sometimes a number is just a number. Context - the information and environment around the number - is what really matters. We discuss how this concept holds especially true in vulnerability managem