Anyone who has studied for the CISSP exam knows that the "textbook" definition of risk scoring is Risk = Likelihood x Impact.  Typically, the Likelihood and Impact values are represented by ordinal numbers, which are mapped to some qualified value.  We then use a matrix to represent the intersection of these values in order to obtain a final risk score.  Some organizations will use a 3x3 matrix.  Some may use a 10x10.  Here at SimpleRisk, we've seen just about every combination you could imagine in between, but the most common scenario is a matrix with five Likelihood values and five Impact

Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also known as the "BlueKeep" vulnerability.  This Remote Code Execution vulnerability in Remote Desktop Services (formerly known as Terminal Services) is particularly nasty as it is pre-authentication and requires no user interaction.  This makes it the perfect vulnerability to integrate into a self-propagating worm that would quickly spread around the world, just like WannaCry did in 2017.  It also make

