Steve Carter

STOKED to see folks using GreyNoise alongside @CISAgov's Known Exploited Vulnerability (KEV) as ground truth data. Huge shoutout to @nucleussec for the writeup. nucleussec.com/blog/cisa-kev-…

@JaredSemrau 100% @JaredSemrau. It seems like the media and vendor over-hype machine is at work here. Definitely something worth assessing for impact to your environment quickly, but if you are just observing media/vendor response one might conclude it is a Log4Shell-level (or worse) vuln.

SpringShell/Spring4Shell/CVE-2022-22965 is a thing, but it's not the thing everyone is trying to convince us it is. It is nowhere near as serious as Log4Shell. Further, conflation between mass scanning activity and "exploitation" exacerbates this, and creates a false narrative.

@JaredSemrau @Mandiant @nucleussec @jaredsemrau The 15 years of vuln research and analysis shows! We started the journey to identify a vuln intel partner over a year ago and what sold us on Mandiant was the amount manual work you put into curating the vuln intel feed. Some things that you just can't automate!

This will be a great partnership between @Mandiant and @nucleussec! My team has been diligently creating and maintaining vulnerability intelligence for the past 15 years, and I'm always happy to know that more people will benefit from our hard work and dedication! Great news!

@jeremiahg I think a Cybertruck would suit you better @jeremiahg. You can have one of my reservations ;)

I called the local Tesla dealer in Boise to schedule a Model S test drive. Agent appologetically informed me they’re expecting one to arrive mid-summer and to call back in a couple months. 🤔

@riskybusiness Fantastic concept Pat! Please add @nucleussec to the list of vendors ready to show and tell when you go live :)

We’re thrilled today to announce a first-of-its-kind integration with our trusted technology partner Snyk, a security organization aiming to help developers secure use of open-source code. Get the full story here -> bit.ly/3bjfpFV #vulnerabilitymanagement

For my non-security-vendor friends. Has your organization used internal development resources to build custom vulnerability management tools, scripts, dashboards, etc for internal use?

Check out our COO Scott Kuffer talk about #vulnerabilitymanagement and asset management in the age of remote work at the @cyberhubengage virtual summit tomorrow!

@jeremiahg How many weeks/months of shelter in place before working from the office is the new hotness and having office space at corporate is a perk?!?

WHEN we eventually get past the COVID-19 pandemic, many things in life, business, and government will be forever changed. The question is, what are those things? Change always represents an opportunity for improvement, but it’s never guaranteed.

@manicode This was very helpful Jim!!! Can you show me how to eat crab legs properly?

As many of your know my favorite customer from Kansas City, MO sent me some genuine KC ribs. Here is my rib consumption video. No ribs were harmed or wasted in this video!

We are excited to be back on the @riskybusiness podcast this week to talk vuln management and overcoming scan coverage challenges using @BitDiscovery and @RumbleDiscovery. Check it out risky.biz/RB574/!

We use them and we love them. Can’t recommend too highly...

We are excited to announce our integration with the @bitdiscovery asset discovery platform! @nucleussec customers can finally incorporate an accurate external asset inventory into their vulnerability management programs! Read more about the benefits here: nucleussec.com/bd