Erik Nost

This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.

Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]

Cybersecurity vendor ThreatLocker recently hosted its fifth annual Zero Trust World (ZTW) conference in Orlando, welcoming attendees from 28 countries to learn about Zero Trust principles and ThreatLocker offerings. Over two days, the event celebrated Zero Trust as a cybersecurity model and the ThreatLocker approach for achieving Zero Trust. Industry leaders, managed service providers, security […]

As spectators tuned in to Super Bowl LIX to indulge in American culture rife with consumerism, T. Swift, and rap feuds, the buzz was less around the game and more on determining who is pro football’s GOAT (greatest of all time).

The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]

We’re excited to announce the inaugural release of a Forrester Wave™ evaluation covering attack surface management (ASM) solutions. We evaluated the 11 most significant ASM vendors in what is currently a rapidly evolving market segment. Forrester covers ASM and periphery markets such as exposure management and vulnerability risk management (VRM), as these segments all contribute […]

What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.

While no trip to the RSA Conference is complete without seeing what security vendors are up to, this year, expect to be asked an intriguing question: “How proactive are you?” Find out why this will be such a popular question in this post.

Hans Christian Anderson’s classic tale of the emperor that gets duped into a fancy, new, and invisible wardrobe provides lessons in swindling, pride, and truth. It’s only when the emperor struts in front of the commoners that a child finally states, “Wait a minute — there’s nothing to this outfit. He’s not wearing anything.” As […]

Vulnerability risk management (VRM) solutions look very different today than they did in 2019. Learn what's changed in our new Wave report.

Learn how focusing on proactive security behaviors can relieve the ongoing security intrusions that reactive security teams must address.

Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]

We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]

What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.

There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.

Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]

The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]

Building a robust vulnerability risk strategy takes input from multiple resources. More importantly, it requires input on factors specific to your company.

Last week, the number of CVE vulnerabilities received and analyzed by the National Vulnerability Database for 2022 surpassed the total number of CVEs for 2021. With nine weeks still left in 2022, we are on pace to crush last year’s record of vulnerabilities. And we are bound to set another record in 2023. When we […]