Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Jen Ellis  

What's Happening With Markups for the IoT Cybersecurity Improvement Act of 2019?

In recent weeks, the House and Senate have drafted versions of the IoT Cybersecurity Improvement Act of 2019. Here are are thoughts.…

(Re)Introducing Rapid7’s Podcast, Security Nation

This week, we are re-launching Rapid7’s podcast, Security Nation. The new, re-imagined podcast will focus on showcasing people and projects that are advancing security in their own ways.…

The IoT Cybersecurity Improvement Act of 2019

In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.…

Patching CVE-2017-7494 in Samba: It's the Circle of Life

With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm, today we see a new scary-and-potentially-incendiary bug hitting the twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the defacto…

Rapid7's Position on the U.S. Executive Order on Immigration

On Friday, January 27th, 2017, the White House issued an Executive Order entitled, “Protecting The Nation from Foreign Terrorist Entry into The United States.”  As has been well-publicized, the Order suspends some immigration from seven Muslim-majority countries — Syria, Yemen, Sudan, Somalia, Iraq, Iran and Libya…

Research Report: Vulnerability Disclosure Survey Results

When cybersecurity researchers find a bug in product software, what's the best way for the researchers to disclose the bug to the maker of that software? How should the software vendor receive and respond to researchers' disclosure? Questions like these are becoming increasingly important as…

Vulnerability Disclosure and Handling Surveys - Really, What's the Point?

Maybe I'm being cynical, but I feel like that may well be the thought that a lot of people have when they hear about two surveys posted online this week to investigate perspectives on vulnerability disclosure and handling. Yet despite my natural cynicism, I believe…

12 Days of HaXmas: Political Pwnage in 2015

This post is the ninth in the series, "The 12 Days of HaXmas." 2015 was a big year for cybersecurity policy and legislation; thanks to the Sony breach at the end of 2014 year, we kicked the new year off with a renewed focus on…

12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)

Ho ho ho, Merry HaXmas! For those of you new to this series, every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year we're kicking the series off with something not altogether…

New DMCA Exemption is a Positive Step for Security Researchers

Today the Library of Congress officially publishes its rule-making for the latest round of exemption requests for the Digital Millennium Copyright Act (DMCA).  The advance notice of its findings revealed some good news for security researchers as the rule-making includes a new exemption to…

Why I Don't Dislike the Whitehouse/Graham Amendment 2713

[NOTE: No post about legislation is complete without a lot of acronyms representing lengthy and forgettable names of bills. There are three main ones that I talk about in this post: CISA – the Cyber Information Sharing Act of 2015 – Senate bill that will…

Rapid7's Comments on the Wassenaar Arrangement Proposed Rule for Controlling Exports of Intrusion Software

For the past two months, the Department of Commerce's Bureau of Industry and Security (BIS) has been running a public consultation to solicit feedback on its proposal for implementing export controls for intrusion software under the Wassenaar Arrangement. You can read about the proposal and…

Wassenaar Arrangement - Frequently Asked Questions

The purpose of this post is to help answer questions about the Wassenaar Arrangement.  You can find the US proposal for implementing the Arrangement here, and an accompanying FAQ from the Bureau of Industry and Security (BIS) here. For Rapid7's take on Wassenaar, and…

Response to the US Proposal for Implementing the Wassenaar Arrangement Export Controls for Intrusion Software

On May 20th 2015, the Bureau of Industry and Security (BIS) published its proposal for implementing new export controls under the Wassenaar Arrangement. These controls would apply to: systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion…

Will the Data Security and Breach Notification Act Protect Consumers?

Last week, the House Energy and Commerce Committee published a discussion draft of a proposed breach notification bill – the Data Security and Breach Notification Act of 2015. I'm a big fan of the principles at play here: as a consumer, I expect that if a…

Never miss a blog

Get the latest stories, expertise, and news about security today.