The curious case of the 10.0 CVSS- The 2025 edition

As we look back at the cybersecurity landscape over the past year, 2025 didn’t give us another eye‑watering spike in CVSS 10.0 scores; it did something a bit more insidious. Instead of a single outlier, it cemented a new normal in a deluge of vulnerability volume, thousands of “criticals”, and a patching problem that simply […]
Reporting to the Board

Vulnerability management is under more scrutiny than ever, and boards increasingly expect clear, business‑oriented reporting on how exposed the organization really is. Instead of drowning in scanner outputs and technical jargon, CISOs are being asked a simple question: “Where are we most at risk, and how quickly are we reducing that risk?” Why vulnerability metrics […]
How AI‑Driven Virtual Patching Actually Fits into Your Vulnerability Management Program and How To Measure Success

In vulnerability management, there is a quiet truth everyone knows but few admit: you are never fully patched. Even on a good day, there is always a backlog of missing updates, risky compensating controls, and at least one legacy system everyone hopes the attacker never finds. The reality of “never fully patched” Most programs today […]
Dependency Cascades, Criticality Collapse, and the Open Source Multiplier

In the interconnected world of software development, understanding how dependencies interact and how they can collectively fail is more important than ever. Two concepts have emerged as central risks: dependency cascades and criticality collapse. When you add the modern surge in incorporating open source software into various applications, these risks don’t just increase, they multiply. […]
The true cost of the Criticality Collapse

Calling it a collapse is perhaps a little melodramatic. It is really about highlighting how the prioritization of vulnerabilities as a solution to your vulnerability management woes is rapidly starting to lose its effectiveness. There is a flood of new critical CVEs being discovered and the trends point to it getting worse, so your list […]
The Criticality Collapse is upon us

We wrote a blog post 6 months ago titled “the Curious Case of the 10.0 CVSS Score”, and the industry was in shock: 2024 had produced an unprecedented 231 vulnerabilities rated a perfect 10.0. It seemed like an anomaly, a statistical outlier in the Common Vulnerability Scoring System’s twenty-year history. Fast‑forward to today this year […]
O Inspector, where art thou?

The number one question we hear at Innoculator from clients is “Where or how should I install the Inspectors?” and to be fair, it’s a good question. Unfortunately, the answer isn’t necessarily straightforward. However, the design rationale and why part of this discussion are for another blog post. Today we will simply ask the […]
Bridge over the Patch Gap: How Innoculator Helps Australian Companies Achieve Essential Eight Compliance

If you operate in Australia, you’ve likely heard of the Australian Cyber Security Centre’s (ACSC) Essential Eight — the government’s recommended baseline strategies to mitigate cyber threats. On paper, the Essential Eight is straightforward: patch your systems, control your applications, harden your defences, and protect your data. In practice, however, many organisations hit the same […]
Rethinking Cybersecurity Pricing: Introducing Innoculator Pricing

At Innoculator, we believe cybersecurity should be accessible, predictable, and aligned with how modern teams actually operate. Too often, businesses are forced into complicated licensing structures, endless feature tiers, or pricing that scales unpredictably as they grow. That changes today. We’re excited to announce a bold new approach to cybersecurity pricing: US$10 per workload, per […]
Log4J- the Broken Record Edition

Yes, I know we tend to harp on about Log4J on this blog, and apologies for that upfront, but recent events have highlighted the importance of getting this fixed. If I were to say “Mango Sandstorm” to you, you could be excused for thinking this was an exotic cocktail. In this case, however, we are […]