Posts by Art Manion

Coordinated Vulnerability Disclosure for DoD Websites

• Blog
Art Manion

Almost 30 years ago, the SEI's CERT Coordination Center established a program that enabled security researchers in the field to report vulnerabilities they found in an organization's software or systems. But this capability did not always include vulnerabilities found on Department of Defense (DoD) sites. In 2017, the SEI helped expand vulnerability reporting to the DoD by establishing the DoD Vulnerability Disclosure program. This blog post, which was adapted from an article in the recently...

Anatomy of Java Exploits

• Blog
Art Manion

On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits....

Java in Web Browser: Disable Now!

• Blog
Art Manion

Hi, it's Will and Art here. We've been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided clear recommendations for disabling Java in web browsers. However, after investigating the Java 7 vulnerability from August, I realized that completely disabling Java in web browsers is not as simple as it should be....

Java 7 Attack Vectors, Oh My!

• Blog
Art Manion

While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points....

Java Security Manager Bypass Vulnerability

• Blog
Art Manion

Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers. This vulnerability is bad news, at least for those of us trying to avoid phishing and drive-by browsing attacks. The vulnerability is caused by a logic bug that allows an applet to grant itself full privileges. More technical details are available in Vulnerability Note VU#636312....

Vulnerability Data Archive

• Blog
Art Manion

With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database....

Vulnerability Severity Using CVSS

• Blog
Art Manion

If you analyze, manage, publish, or otherwise work with software vulnerabilities, hopefully you've come across the Common Vulnerability Scoring System (CVSS). I'm happy to announce that US-CERT Vulnerability Notes now provide CVSS metrics....

Vulnerability Analysis at the CERT/CC

• Blog
Art Manion

Hi, this is Art Manion, the Vulnerability Analysis team lead at the CERT Coordination Center (CERT/CC). For our first blog entry, I'd like to briefly explain our efforts to reduce software vulnerabilities....
