High-Tech Bridge Security Research
High-Tech Bridge devotes significant internal resources to continuous security research. Some of the security studies we perform are regularly published in our blog. The vulnerabilities that our security researchers discover almost every week help software vendors improve the security and reliability of their products. More than 300 large vendors have fixed security vulnerabilities thanks to High-Tech Bridge Security Research Lab, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, PHP, OpenOffice, Corel, WordPress, Joomla, OpenX, SugarCRM, MantisBT, e107, MODX, Bitrix and many others.
525 Security Advisories
| Quarter | Patch Available Upon Disclosure |
|---|---|
| 2014 Q3 | 100% |
| 2014 Q2 | 92% |
| 2014 Q1 | 94% |
| 2013 Q4 | 89% |
| 2013 Q3 | 92% |
| 2013 Q2 | 100% |
| Quarter | Vendor Average Time to Patch |
|---|---|
| 2014 Q3 | 21 days |
| 2014 Q2 | 18 days |
| 2014 Q1 | 12 days |
| 2013 Q4 | 8 days |
| 2013 Q3 | 13 days |
| 2013 Q2 | 30 days |
Practical step-by-step guidance after your company has been hacked July 1, 2015
Everybody tends to think that hackers will never ever target them or their company/organisation until a breach occurs. We have already published several practical examples explaining why hackers target you and your data. Here, I will try to concentrate on post-incident actions and provide some brief advice on what to do after you have been hacked.
The most common information security mistakes of e-commerces June 22, 2015
Almost every month a new incident involving a big retailer, e-commerce or web platform makes the news headlines. Most retail fraud is now committed online, and in 2014 alone hackers managed to steal more than 61 million records from retailers. We will try to analyze the most common managerial and operational mistakes retail organizations make when defending against hackers.
The top mistakes banks make defending against hackers June 15, 2015
Many financial institutions fail to perform comprehensive risk analysis and assessment, exposing their companies and clients to enormous risk.
Why PCI’s Mandatory Pen Testing is no Silver Bullet June 12, 2015
On 1st June 2015 the new PCI (Payment Card Industry) 3.0 standard became mandatory, and includes a requirement to conduct web penetration testing at least once a year.
How often should companies conduct web penetration testing? May 26, 2015
Following our previous blog post “How long does website penetration testing take” we received a lot of questions from our customers and partners about the recommended frequency of penetration testing for their web applications. In this blog post we will answer that question.