The SEC should require disclosure of cybersecurity controls

January 17, 2025

8-K filings for material cybersecurity incidents should require disclosure of all cybersecurity controls (software and services) in place when the event occurred.

Discussion: LinkedIn

Twitter Facebook LinkedIn

Atomic Red Team ATT&CK tool updated to v16.1

January 17, 2025

Just a quick note to point out that the Atomic Red Team test tracking tool has been updated to reflect MITRE ATT&CK v16.1.

Known exploited vulnerabilities by market cap

January 14, 2025

It’s easy to criticize vendors for the number of known exploited vulnerabilities in their software, but raw counts lack context. A company with 100 software products will naturally have more vulnerabilities than one with a smaller portfolio. However, product count alone doesn’t account for a company’s size or resources.

Cybersecurity stat of the day: CISA KEV vulnerabilities 2.8 years old, on average

January 14, 2025

Cybersecurity stat of the day: The average delta (in years) between CVE assignment and addition to the CISA Known Exploited Vulnerability (KEV) catalog is 2.8 years. 🤯

Script to log OverSight camera/mic events on macOS

December 8, 2024

I’m a huge fan of Objective-See, Patrick Wardle’s non-profit organization, and the arsenal of invaluable macOS secuirty tools he provides.

by Keith McCammon

The SEC should require disclosure of cybersecurity controls

You May Also Enjoy

Atomic Red Team ATT&CK tool updated to v16.1

Known exploited vulnerabilities by market cap

Cybersecurity stat of the day: CISA KEV vulnerabilities 2.8 years old, on average

Script to log OverSight camera/mic events on macOS