Start Here... It's been a while since my last post. As I puzzled through the work, I realized I was missing a few pieces of my usual kit. One of them is a Threat Intelligence Platform (TIP). I did have an old Malware Information Sharing Platform (MISP) that I had maintained for several years. It contained everything from OSINT to CVEs to data breach information. I decided last year to decommission the server. What a colossal mistake. There were years of valuable information i

Resilience, Attack Surface, and Exposure (RASE)

An examination of the MITRE Top 25 CWE for 2025.

Resilience, Attack Surface, and Exposure (RASE)

December 1, 2025 Quantifying the loss-magnitude signatures, governance breakpoints, thematic clusters, attack surfaces, cost drivers, and blast-radius patterns across these scenarios serves one central purpose: to turn narrative cyber incidents into measurable business risk. Without quantification, organizations are left guessing about which threats actually matter, how big the losses could be, and where governance or control failures create systemic exposure. By translating

December 1, 2025 This similarity and difference report provides a consolidated analysis of multiple threat synopses to reveal the recurring patterns, unique characteristics, and comparative risk dynamics that shape an organization’s overall cyber-risk landscape. By examining how these threats align or diverge in their behaviors, access vectors, governance pressures, and financial impacts, the report enables readers to identify systemic weaknesses, prioritize control investmen