Best Practices

YesWeHack vulnerability triage chief Adrien Jeanneau on the art of triaging bug bounty vulnerability reports in this YesWeHack interview

‘Happy hunters equal happy customers and vice versa’: YesWeHack vulnerability triage chief Adrien Jeanneau on creating a virtuous Bug Bounty circle

Servers with mess of wires plugged in in an example of tech sprawl

Tackling tech sprawl, CISO burnout, NIS 2 now enforceable – OffSec roundup for CISOs

EU flag on parliament building with text on left side of image: "NIS 2 Enters into force"

The NIS 2 Directive is now enforceable: What are the implications for vulnerability management?

The Windows blue screen of death took down an estimated 8.5 million Windows machines following a botched CrowdStrike software update.

Partial SolarWinds reprieve, CrowdStrike lessons, LLM kryptonite – OffSec roundup for CISOs

NIS 2 in brief, security tech hype cycle, Italy’s first ever live Bug Bounty – OffSec roundup for CISOs

Apple declines to pay Kaspersky vuln reward, Bug Bounty ‘extortion’ dispute, Microsoft Recall backlash – OffSec roundup for CISOs

Countdown to NIS 2 compliance: Key insights and implications for your SecOps strategy

Man wearing black smart watch

UK PSTI Act: ‘World first’ IoT security rules offer reminder of VDP virtues

US SEC cybersecurity rules, SolarWinds charges and security testing

US SEC cyber rules, SolarWinds CISO charges: How a unified OffSec strategy can enhance your SEC disclosures

9 rules for a successful first-time Bug Bounty Program

9 rules for a successful first-time Bug Bounty Program

Bug bounty misconceptions

Busting Bug Bounty misconceptions

Dora and YesWehack

How Bug Bounty and Attack Surface Management can help you comply with the Digital Operational Resilience Act’s upcoming requirements