
Risky Business
Risky Biz Soap Box: runZero shakes up vulnerability management
Sep 15, 2025
HD Moore, industry legend and CEO of runZero, discusses the company’s revolutionary approach to vulnerability management. He explains how the new Nuclei integration enables precise identification of vulnerabilities without deploying overly privileged credentials. The conversation highlights the need for agile solutions in vulnerability scanning and the importance of focusing on exploitable risks. Moore also touches on the stagnation of traditional management practices and how runZero aims to innovate and streamline security operations for organizations of all sizes.
AI Snips
Don’t Spray Credentials During Scans
- Avoid credential-spraying authenticated scans on untrusted networks because they leak credentials.
- Use unauthenticated discovery first to know what an attacker can reach without risking credential theft.
Fuse Scanning With API Data
- Combining unauthenticated scanning with API and EDR ingestion gives near-complete exposure visibility.
- runZero fuses network scans, cloud API data, and EDR feeds to find what other tools miss.
Prioritize Exploitability Over Compliance
- Prioritize exploitable, reachable issues over checkbox compliance scans that rarely reduce breach risk.
- Focus on default credentials, misconfigurations, and exposed admin panels, not just CVE patch lists.

