
What CISOs Get Wrong About Vulnerability Scanning, and How Exposure Management Fixes It

Many CISOs managing critical infrastructure mistakenly treat vulnerability scanning as a complete solution for cyber risk reduction. While these scans are essential, relying on them alone leaves critical systems exposed to modern, sophisticated threats. Scans provide a snapshot in time, not a full picture of risk. As attackers become more agile and stealthy, this limited visibility creates blind spots, especially in high-risk industries like energy, healthcare, and telecommunications. That's where exposure management in cybersecurity steps in: not as a replacement, but as a vital evolution.

Understanding CVSS and Scanner Severity Scores in Vulnerability Management #shorts

Organizations prioritize remediation of exposures using CVSS and scanner severity scores. These scores emphasize severity over actual risk, which is tied to vulnerabilities that are actively exploited. Research shows that CVSS scores can exaggerate the criticality of vulnerabilities, leading to excessive remediation efforts. This misalignment may cause critical vulnerabilities to be rated as medium risk, leaving them unaddressed in organizations that depend solely on CVSS for prioritization.

NuttX Bluetooth Vulnerability Explained

Discover the hidden vulnerabilities lurking in even the most trusted software! In this video, François Baldassari dives into the shocking reality of a recent CVE filed against NuttX, revealing how easily mature projects can expose your products to security threats. Are you up-to-date with your RTOS? Find out what steps you need to take to protect your systems now!

How to detect vulnerable GitHub Actions at scale with Zizmor

As we previously reported on April 26, 2025, we had a security incident via an insecure GitHub Action and we have since published a post-incident review. We have confirmed that there has been no code modification, unauthorized access to production systems, exposure of customer data, or access to personal information.

Inside Vulnerability Management: Live Demo & Roadmap

Explore what’s new — and what’s coming next — in Vulnerability Management for N-central and N-sight. Hosted by Product Manager Geoff Green, this session covers current capabilities, recent enhancements, and a look at the roadmap. Watch the live demo, hear how your feedback is shaping development, and get answers to top questions in the live Q&A. Now included in both N-central and N-sight RMM platforms.

Seal the Silo: Unifying Vulnerability and App Security with a Risk-Based Approach

Too often, security teams assess infrastructure and application exposure risks in silos, leading to fragmented insights and misaligned remediation priorities. Taking this disjointed approach makes it harder to reduce your overall risk and weakens your security posture.

OWASP CI/CD Part 8: Ungoverned Usage of 3rd Party Services

The boundaries of what organizations build internally and what they adopt externally have blurred. Developers routinely integrate third-party services into critical CI/CD pipelines, often with minimal friction and limited oversight. This rapid plug-and-play convenience, while key to modern engineering velocity, is also quietly expanding the attack surface in ways many teams struggle to track - let alone govern.

Understanding Vulnerability and Patch Management Challenges #shorts

Vulnerability and patch management often face challenges due to persistent false findings. Missed maintenance windows for OS updates can leave systems exposed. Applying cumulative updates correctly can help resolve these issues. However, systems may still show as up to date while harboring vulnerabilities due to misidentified software. A notable example is a Java vulnerability that continues to exist despite updates, because the affected Java runtime is bundled inside a custom solution.

OWASP CI/CD Part 7: Insecure System Configuration

Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.