Toward greater transparency: Unveiling Cloud Service CVEs | MSRC Blog Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect Read more…
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code Read more…
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: Read more…
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs | MSRC Blog At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause Read more…
Security Update Guide Supports CVEs Assigned by Industry Partners | MSRC Blog Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The Read more…
Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API | MSRC Blog Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Read more…