Risky Business Risky Biz Soap Box: runZero shakes up vulnerability management
Sep 15, 2025
HD Moore, industry legend and CEO of RunZero, discusses the company’s revolutionary approach to vulnerability management. He explains how the new Nuclei integration enables precise identification of vulnerabilities without deploying overly privileged credentials. The conversation highlights the need for agile solutions in vulnerability scanning and the importance of focusing on exploitable risks. Moore also touches on the stagnation of traditional management practices and how RunZero aims to innovate and streamline security operations for organizations of all sizes.
AI Snips
Chapters
Transcript
Episode notes
Unmanaged Assets Drive Breaches
- RunZero started as asset discovery because pen tests kept finding unknown devices and subnets.
- HD Moore says those unmanaged assets are the ones attackers exploit most often.
Speed Trumps Mass Coverage
- Traditional vulnerability management is slow: scan, patch, wait cycles leave gaps for exploitation.
- RunZero aims to immediately surface where exposed devices exist when new threats appear.
Agent Coverage Isn’t The Whole Picture
- EDR vendors focus on agent-based, host-centric visibility and neglect network-exposed services.
- HD warns that agent lists miss exposed services and unreachable-but-exploitable hosts.