Allie Mellen
Principal Analyst

Author Insights
Blog
Don’t Call It A Comeback: Stay Ready For Ransomware
So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take […]
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Forrester’s Top Threats For 2025
2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week.
Blog
Generative AI Innovation In Security Tools Is Finally Getting Interesting
The core themes of The-C2 conference in London were artificial intelligence, supply chain security, and cyber hygiene. Get a closer look at how these themes may impact security professionals in this recap.
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
Cybersecurity’s Latest Buzzword Has Arrived: What Agentic AI Is And Isn’t
As vendors come out of the woodwork announcing their “agentic AI” innovations, we explore what the term truly encompasses and what is hype.
Blog
How I Apply Third-Party Lab Results In My Security Operations Research
Last week, I attended the AV-Comparatives conference in Innsbruck, Austria. This conference brought together many cybersecurity vendors, particularly those with a European focus, as well as a few nonprofits, academic institutions, and analyst firms.
Blog
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
MITRE released its latest Enterprise MITRE ATT&CK Evaluations in December of 2024. At that time, we published a blog with a quick overview of the results. Today, we’re excited to announce that we have released three new pieces of research about this round of evaluations.
Blog
DeepSeek Just “Opened” The Path To AI ROI
DeepSeek’s open-source model, DeepThink (R1), has sent shock waves across the tech world. But there are far-reaching implications to this important AI development.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Don’t Trust Vendor Claims About Getting 100% On The MITRE ATT&CK Evaluations
The MITRE Engenuity ATT&CK Evaluations 2024 results are out. Get a detailed review in this preview of an upcoming report.
Blog
If You’re Not Using Data Pipeline Management For Security And IT, You Need To
Data ingestion into security information and event management (SIEM) has been too expensive for too long. Find out what's driving up the cost and how to manage it better in this post.
Blog
Predictions 2025: AI’s Mishaps And Patchy Rules Lead To Uneven Pockets Of Trust
Patchy AI standards and regulations across the globe will result in some organizations faring better than others when it comes to building and maintaining trust. Learn more in this preview of our 2025 trust predictions.
Blog
Apply For The 2024 Forrester Security & Risk Summit Scholarship Today
Forrester is once again partnering with Women in Security and Privacy to provide free admission to our Security & Risk Summit for four women looking to break into cybersecurity. Learn the details and find out how to apply for the scholarship here.
Blog
CrowdStrike Holds Its Fal.Con Conference As It Tries To Move On From July 19
Here are the top things you need to know coming out of CrowdStrike's recently held Fal.Con user conference, just two months after its config update took down 8.5 million Windows endpoints.
Blog
The Shakedown From Black Hat USA, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent Black Hat USA event.
Blog
Falcon Fallout: What’s Next For CrowdStrike, Competitors, And CISOs
The July 19 CrowdStrike Falcon outage created major trust issues for the company and the broader security market. What's next for CrowdStrike? Find out as we make several predictions on where the company will go next.
Blog
The CrowdStrike Moment Calls For A Redefinition Of Business Resilience
Crises such as the one triggered by CrowdStrike's global outage shine a bright light on many aspects of business and technology. Our new report provides a thorough overview of recommended actions for tech leaders as they face the unfolding long-term repercussions.
Blog
CrowdStrike Global Outage: Critical Next Steps For Tech And Security Leaders
Technology leaders woke up this morning to find that a software update by cybersecurity vendor CrowdStrike had gone badly wrong. Get updates on the steps that your organization should take now and in the long term as a result of the CrowdStrike outage.