Rapid7 is on a mission to drive the SecOps movement into the future, and we take that to heart with our holistic approach to security. Rapid7 has policies and procedures in place to keep our data, platform, and products secure, so that we can continue creating tools and services that keep our customers secure.
Rest assured: Rapid7’s approach to security is established on four core pillars essential to trust.
Availability
You have access to your data when you need it and our operational status is always up to date.
Have questions? We have answers.
Read What’s New on the Rapid7 Blog
Rapid7 offers continued vulnerability coverage in the face of NVD delays
Recently, the US National Institute of Standards and Technology (NIST) announced
on the National Vulnerability Database (NVD) site [http://nvd.nist.gov/] that
there would be delays in adding information on newly published CVEs. NVD
enriches CVEs with basic details about a vulnerability like the vulnerability’s
CVSS score, software products impacted by a CVE, information on the bug,
patching status, etc. Since February 12th, 2024, NVD has largely stopped
enriching vulnerabilities.
Given the bro
Patch Tuesday - March 2024
No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
Rapid7 is trusted by over 11,000 customers
