“Many security teams measure the increase or decrease of reported incidents. That sounds reasonable, but it’s a flawed metric that does not necessarily reflect an improved security posture because it excludes the unknown. Time is better spent scanning for vulnerabilities and flaws across applications and infrastructure to ensure full visibility into risk—which is much more likely to improve security.” – Ernesto DiGiambattista, ZeroNorth Read more

Share This