Tag

patch management

10 articles on patch management.

← All blog posts
BlueHammer Defender Exploitation: July 2026 Patch SLA For Windows Fleets
ResearchJul 4, 2026

BlueHammer Defender Exploitation: July 2026 Patch SLA For Windows Fleets

BlueHammer coverage shows why endpoint patching, CISA KEV context, CVE Watch, and IOC enrichment have to work together when local privilege escalation becomes ransomware tradecraft.

4 min read
CERT-FR, MSRC, GHSA et advisories fournisseurs : le contexte qui rend les CVE remédiables
ResearchMay 24, 2026

CERT-FR, MSRC, GHSA et advisories fournisseurs : le contexte qui rend les CVE remédiables

Les advisories expliquent quoi corriger, quelle version viser, quel contournement appliquer et comment communiquer le risque CVE aux équipes.

5 min read
EPSS et CVE : utiliser la probabilité d’exploitation sans perdre le contexte métier
ResearchMay 24, 2026

EPSS et CVE : utiliser la probabilité d’exploitation sans perdre le contexte métier

EPSS aide à trier les CVE selon leur probabilité d’exploitation, mais il doit être combiné avec KEV, CVSS, CPE, exposition et criticité métier.

5 min read
Backfill NVD : pourquoi la complétude du catalogue CVE change toute la priorisation
ResearchMay 24, 2026

Backfill NVD : pourquoi la complétude du catalogue CVE change toute la priorisation

Un catalogue CVE incomplet fausse les métriques, les timelines et les décisions patch. Voici pourquoi le backfill NVD est une fondation de sécurité, pas une tâche technique secondaire.

6 min read
Pourquoi les CVE sont critiques pour les SOC, même quand tout semble déjà monitoré
VulnerabilitiesMay 24, 2026

Pourquoi les CVE sont critiques pour les SOC, même quand tout semble déjà monitoré

Les CVE ne sont pas seulement un sujet patch management : elles structurent la priorisation SOC, le threat hunting, les contrôles compensatoires et la communication de crise.

5 min read
CVE Numbering Authorities and the Vulnerability Disclosure Process: A 2026 Practitioner Guide
VulnerabilitiesApr 25, 2026

CVE Numbering Authorities and the Vulnerability Disclosure Process: A 2026 Practitioner Guide

Understand how CVEs are born—from initial vulnerability discovery through CNA assignment, coordinated disclosure, and publication—plus how this pipeline shapes defender priorities and SEO-visible vulnerability data.

10 min read
EPSS vs CVSS vs KEV: How to Prioritize CVEs When Everything Looks Critical
ResearchApr 21, 2026

EPSS vs CVSS vs KEV: How to Prioritize CVEs When Everything Looks Critical

Cut through scoring confusion: compare CVSS severity, EPSS exploit probability, and CISA KEV active exploitation—and learn a practical model for patch and compensating-control decisions.

9 min read
EPSS Explained: Using the Exploit Prediction Scoring System to Prioritize Patches in 2026
AI & MLApr 21, 2026

EPSS Explained: Using the Exploit Prediction Scoring System to Prioritize Patches in 2026

A practical guide to the Exploit Prediction Scoring System (EPSS)—how it works, how it complements CVSS and KEV, and how security teams can use EPSS probabilities to prioritize vulnerability management at scale.

9 min read
CVE & Vulnerability Management in 2026: From Disclosure to Patch at Scale
VulnerabilitiesApr 17, 2026

CVE & Vulnerability Management in 2026: From Disclosure to Patch at Scale

A practical guide to the CVE ecosystem, CVSS scoring, exploitability signals, and how security teams prioritize vulnerabilities without drowning in scanner noise.

8 min read
CVSS 4.0 Explained: A Complete Guide to Vulnerability Severity Scoring in 2026
VulnerabilitiesApr 17, 2026

CVSS 4.0 Explained: A Complete Guide to Vulnerability Severity Scoring in 2026

Master the Common Vulnerability Scoring System v4.0 with a practical breakdown of base, threat, environmental, and supplemental metrics—and learn how to translate CVSS into real-world risk decisions.

10 min read