High-Tech Bridge Security Research
High-Tech Bridge devotes significant internal resources to continuous security research. Some of the security studies we perform are regularly published in our blog. Vulnerabilities that our security researchers discover almost every week, help software vendors to improve security and reliability of their products. Above 300 large vendors fixed security vulnerabilities thanks to High-Tech Bridge Security Research Lab, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, PHP, OpenOffice, Corel, WordPress, Joomla, OpenX, SugarCRM, MantisBT, e107, MODX, Bitrix and many others.
|527||Security Advisories |
Patch Available Upon Disclosure
|2014 Q3 100%|
|2014 Q2 92%|
|2014 Q1 94%|
|2013 Q4 89%|
|2013 Q3 92%|
|2013 Q2 100%|
Vendor Average Time to Patch
|2014 Q3 21 days|
|2014 Q2 18 days|
|2014 Q1 12 days|
|2013 Q4 8 days|
|2013 Q3 13 days|
|2013 Q2 30 days|
Continuous monitoring and web security: Are you competitive with Black Hats? August 28, 2015
Nowadays security companies have to compete not only with other vendors, but also with sophisticated cyber gangs. If you will fail to detect and patch security vulnerabilities in a timely manner – Black Hats will do it for you, but for their own ends.
Web Application Security Testing: SAST, DAST or IAST? August 10, 2015
In this short blog post we will try to understand in quick and simple manner the difference between SAST and DAST testing methodologies, their advantages and disadvantages, as well as utility to combine them from the business point of view.
Modern APTs start at your corporate website August 4, 2015
There hasn’t been a day in recent months when the term “Advanced Persistence Threat” wasn’t making headlines in the media. According to ISACA APT Awareness Study, 93.6 per cent of respondents consider APTs to be a “very serious threat” for their companies.
Cybersecurity and geopolitics are intertwined July 29, 2015
What is the relation between growing security spending, increasing hacking attacks and falling economy?
How to manage PCI DSS 3.1 Requirement 6.6 for your web applications July 24, 2015
One of the PCI DSS 3.1 requirements is Requirement 6.6 dedicated to web application security. In this blog post we will try to understand how to comply with the requirement in cost-efficient manner.