Articles by Jeremiah Grossman

Personal site:

Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum

By Jeremiah Grossman on June 25, 2021

Bit Discovery Raises $4 Million Series B as Attack Surface Management Gains Momentum

10 Reasons Why Websites STILL Get Hacked

By Jeremiah Grossman on June 24, 2021


Over 2 billion Internet-connected assets are listening on ports 80 and 443, each most likely containing some number of vulnerabilities. Do the math.


Most companies remain unaware of the websites they own, what they do, or who is responsible for them. Obviously, you can only scan and secure what …

Read More

WhiteHat – Bit Discovery partnership announcement

By Jeremiah Grossman on April 27, 2021

20 years ago, I founded WhiteHat Security, a company helped pioneer the Application Security industry and revolutionized vulnerability management. Beyond finding and fixing vulnerabilities throughout the SDLC, we saw that the largest and most important problem all of WhiteHat’s customers faced was attack surface management  — finding all their websites …

Read More

High-Fidelity Attack Surface Mapping

By Jeremiah Grossman on April 12, 2021

“High-fidelity” is the reproduction of sound with little distortion, resulting in a product very similar to the original. Similarly, in information security, having a clear picture of your attack surface is critical. Breaches happen when adversaries know more than you about your attack surface. These days, you simply cannot afford …

Read More

“Responsible Person” and Attack Surface Management

By Jeremiah Grossman on January 26, 2021

One might assume it would be common practice within every IT department for there to be a centralized source of truth to easily lookup the primary contact for every IT asset (i.e. network range, hostname, IP address, or domain name).

This person, or group of people, is typically referred to …

Read More

Attack Surface Management: “These assets no longer belong to us”

By Jeremiah Grossman on January 13, 2021

Bit Discovery has been tracking the attack surface maps for hundreds of companies for a few years now. In the process we’ve found an interesting use-case. Companies will have assets in their inventory that they were once interested in, then they’ll suddenly say, “these assets no longer belong to us,” …

Read More

The Attack Surface is Foundational Knowledge

By Jeremiah Grossman on December 30, 2020

Foundational knowledge is information, or a skillset, generally accepted as essential to understanding more advanced cognitive subjects or performing increasingly sophisticated processes. As a simple example, learning basic addition is necessary before taking on multiplication. Familiarity with the fundamentals of TCP/IP is necessary before grasping how ACLs and network firewalls work. …

Read More

Analyze the Attack Surface Before Taking a CISO Job

By Jeremiah Grossman on December 29, 2020

I once had a conversation with a Chief Financial Officer (CFO) who said whenever they join a new company, they never know what they’ll find lurking in the financials until well after their first day. They said it’s a little nerve wracking to be unclear about the level of accuracy …

Read More

We want to scan “ALL” our websites…

By Jeremiah Grossman on December 21, 2020

Back in my days at WhiteHat Security, countless customer conversations would begin with them saying, “We want to [DAST] scan all of our websites.” DAST refers to Dynamic Application Security Testing. To which we’d instantly reply, “Great! Just give us the list, and some test account credentials, and we’ll get …

Read More

Why Attack Surface Management is Hard

By Jeremiah Grossman on December 18, 2020

Everyone agrees that attack surface management is critically important, as it is the very first step of any information security program. While enterprise interest and market traction for attack surface management is building, it’s curious why every organization doesn’t already have an up-to-date attack surface map. They should! It may …

Read More