Security n Cigars

Fear, Uncertainty, & Doubt

Vulnerability Management Maturity Model

Eric
Aug 06, 2014

I’ve been working on this for a couple months now. Basically, we all know the truth of the matter is that intrusions happen because we security guys are not able to patch the things that matter, fix the areas that intruders will use to break in and steal credit cards or SSNs or … passwords, now. I realize that there is a lot of hype about advanced bad guys, zero-day exploits, and so on. And there are things there to be worried about.

However, the vast majority of all cyber-crime is happening because we are not doing the basics well. That was a major factor in my deciding to move to Core Security last year. I wanted to make a difference for a lot of people, across the whole of security. We focus on something that I think is key in all of this, which is dealing with the data overload that exists around vulnerability management. As part of this effort, I realized that most companies really have no idea if their vulnerability management is good or bad, how to measure it, what constitutes …
