Research and field notes on evidence-based detection, version-aware matching, threat-intelligence prioritisation, and the craft of telling teams what actually matters.
A 9.8 that no one is exploiting is a distraction. A 7.5 that ransomware crews are using right now is an emergency. Severity was never meant to be a to-do list.
Read the post →Most tools match a product to a CVE and stop there. The version you actually run decides whether the finding is real — and it's where the false positives hide.
Three feeds, three very different questions. Knowing what each one actually tells you — and what it doesn't — is the foundation of defensible prioritisation.
If a tool can't show you how it reached a conclusion, you can't defend it to an auditor, a developer, or an executive. Every Argus finding carries its evidence.