Contact Us
Menu
Contact Us
banner-hero

NetRise News & Blog

by Tom Alrich, on May 12, 2022 8:46:39 PM

I recently wrote two posts (the second one is here) about a chilling revelation that Tom Pace of NetRise made at an informal meeting I recently attended. NetRise specializes in firmware security, and Tom has  noted that a huge percentage of software and firmware products aren’t registered at all in the National Vulnerability Database (NVD), meaning there’s no CPE name registered for the product. This means there has never been a single vulnerability reported for the product. Thus, if …

Read Story

by Tom Alrich, on May 9, 2022 1:37:51 PM

A recent post described a presentation I saw last Friday by Tom Pace of NetRise, describing what seems to be a huge security problem. To summarize it: Do you think products with a lot of open vulnerabilities - as indicated by CVE’s listed for the product in the National Vulnerability Database (NVD) - are dangerous and should be avoided? If so, you’re right. By the same token, do you think a product with no open vulnerabilities – …

Read Story

by Thomas Pace, on May 4, 2022 2:27:06 PM

Join ASMGi and NetRise as we discuss the cyber security challenges of Enterprise IoT (XIoT) technology. XIoT is pervasive across critical and non-critical sectors, driving more connectivity than ever before between the cyber and physical worlds spanning industrial, healthcare, and enterprise environments. But deploying IoT and IIoT devices in traditional OT environments can create gaps in cyber security and cyber criminals are taking advantage of the weak security engineered into many XIoT devices to target …

Read Story

by Tom Alrich, on May 2, 2022 12:37:59 PM

I’ll be honest: It’s been quite a while since I seriously worried about anything in cybersecurity other than software vulnerabilities. Almost every serious cyberattack you can name in the last say five years, including Not Petya, SolarWinds, Kaseya, and literally every ransomware attack, was either based on or enabled by at least one software vulnerability. Of course, when the average cybersecurity person thinks about software vulnerabilities, they probably think of badly-trained (or simply incompetent) software coders …

Read Story

by Steve Struthers, on Apr 5, 2022 1:38:34 PM

In the world of xIoT security, we have learned some unfortunate and difficult lessons over the past decade. Events like Mirai, Shellshock, Heartbleed and Log4J have left so many of us with the question … “What’s next? And will it affect me?” Just as importantly, “will it be more or less destructive than what has come before?” The reality we are facing now is that 2021 was a year of significant growth of incidents within …

Read Story

by Jason Dely, on Mar 22, 2022 10:51:25 AM

Many companies have benefited greatly from rapid IT infrastructure changes to enhance a their overall capabilities and operational efficiency. By their very nature, companies operating Industrial Control Systems (ICS) - commonly considered Operational Technology (OT) - strive to derive value and tangible returns from investments made to support their company operations and to facilitate ongoing growth. Demands to perform and produce have never been greater, and today’s hyperconnected world serves to elevate the importance for …

Read Story

by NetRise, on Feb 14, 2022 7:32:31 PM

On the heels of President Biden's executive order focused on improving the Nation's cybersecurity, Software Bill of Materials (SBOM) has garnered unprecedented attention from security professionals in all niches of information security. With good reason, too - how are we supposed to secure mission critical systems (or any system, for that matter) if we don't know what software they're running and the various dependencies and supply chain behind that software? Adoption and implementation of SBOM …

Read Story

by NetRise, on Feb 3, 2022 4:38:35 PM

S4x22 is the largest and most comprehensive ICS-focused cybersecurity conference in the world. Hosted in Miami, Florida, S4 offers a unique take on the typical conference; complete with an exciting location and a variety of social events, while still bringing together the most talented and influential ICS security professionals the industry has to offer. Join us for three days of sun, sand, beer, and nerding out on xIoT security by getting your tickets at https://s4xeventscom/tickets/ …

Read Story

by NetRise, on Jan 27, 2022 10:05:47 PM

According to research released by G2, approximately half of respondent companies used low code platforms for rapid application development. Still, 25% of organizations have security concerns with low-code developed apps. While the number of IoT devices is growing at an exponential rate, organizations feel safer having everything under control, understanding threats and reacting fast to the many risks present in a firmware image. With the exponential growth in the number of connected devices across all …

Read Story

by Derek McCarthy, on Jan 18, 2022 2:11:06 PM

A famous philosopher once asked, “if a black box is opened in a forest, and no one is around to look inside, does it have vulnerabilities?” . . . On second thought, maybe that wasn’t the exact quote, but it captures the mystique that has surrounded eXtended IoT (xIoT) devices since, well, really the very beginning. Think about it: how many security solutions and technologies do we dedicate to our traditional workstations and servers? Endpoint …

Read Story

Subscribe to Newsletter