Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

nCircle Announces Patch Priority Index

RSA Conference News

SAN FRANCISCO – RSA CONFERENCE 2012 – Organizations with large and disparate IT systems are often challenged in dealing with vulnerability management initiatives and determining what order vulnerabilities should be addressed in order to more effectively improve their risk posture.

RSA Conference News

SAN FRANCISCO – RSA CONFERENCE 2012 – Organizations with large and disparate IT systems are often challenged in dealing with vulnerability management initiatives and determining what order vulnerabilities should be addressed in order to more effectively improve their risk posture.

nCircle, a provider of information risk and security performance management solutions, today announced a “Patch Priority Index” which is designed to help organizations prioritize the most critical vulnerabilities that should receive immediate remediation.

Free and publicly available, nCircle’s Patch Priority Index (PPI) provides a researched list of vulnerabilities that global IT security teams can use to provide security teams a fast and efficient path to a more secure network.

Created by nCircle’s Vulnerability and Exposure Research Team (VERT), the index is compiled using a range of unique sources with security experts reviewing a variety of criteria and selecting the most severe issues that can be patched in a given month as candidates for the list. For a vulnerability to be included on the PPI list, it MUST have a patch available, nCircle said. VERT researches each vulnerability and ranks them using the following criteria:

• Attack Vector

• CVSS Score

• Availability of Public Exploit Code

• Popularity of the Service or Software

• Customer Feedback

• Worst-Case Attack Scenarios

• Attack Outcome

“Deploying software patches is a complex process even for smaller organizations,” said Lamar Bailey, director of security research and development for nCircle. “Companies need deep security knowledge to identify and prioritize the software updates that will translate into the greatest security improvements. VERT’s security experts created PPI to give every business access to an up-to-date, prioritized ‘patch immediately’ list that translates directly into a more security network.”

nCircle said the Patch Priority Index will be updated monthly and will be publicly available to any IT security professional.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.